Introduction

Contents
1 Introduction
2 Tests
    2.1 XSS Locator
    2.2 XSS Locator (short)
    2.3 No Filter Evasion
    2.4 Filter bypass based polyglot
    2.5 Image XSS using the JavaScript directive
    2.6 No quotes and no semicolon
    2.7 Case insensitive XSS attack vector
    2.8 HTML entities
    2.9 Grave accent obfuscation
    2.10 Malformed A tags
    2.11 Malformed IMG tags
    2.12 fromCharCode
    2.13 Default SRC tag to get past filters that check SRC domain
    2.14 Default SRC tag by leaving it empty
    2.15 Default SRC tag by leaving it out entirely
    2.16 On error alert
    2.17 IMG onerror and javascript alert encode
    2.18 Decimal HTML character references
    2.19 Decimal HTML character references without trailing semicolons
    2.20 Hexadecimal HTML character references without trailing semicolons
    2.21 Embedded tab
    2.22 Embedded Encoded tab
    2.23 Embedded newline to break up XSS
    2.24 Embedded carriage return to break up XSS
    2.25 Null breaks up JavaScript directive