Title: Ultimate Cross Site Scripting Attack Cheat Sheet
Last Update: 2022-08-29
Note: This is a technical sheet for research about cross site scripting and script code injection attacks.
Please continue the ultimate cross site scripting cheat sheet list or contribute to update.
This cheat sheet list goes out to assist pentesters, developers, researchers & whitehats.
Tags:
onclick
ondblclick
onmousedown
onmousemove
onmouseover
onmouseout
onmouseup
onkeydown
onkeypress
onkeyup
onabort
onerror
onload
onresize
onscroll
onunload
onsubmit
onblur
onchange
onfocus
onreset
onselect
onMoveOn
Features:
script-unsafe-inline
style-inline-allowed
style-inline-blocked
unsafe-eval
external-scripts
external-iframes
controls-index-of-iframe
controls-name
controls-URL
not-innerHTML
chrome-only
safari-only
firefox-innerHTML
chrome-innerHTML
Brackets
>"
">
<"
><
>"<
.\>"%20<./
/>%20<
%20/%20>
%20">%20<
%3E%3C
Pjw=
/
%0A
%0C
%0D
<
%3C
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
\x3c
\x3C
\u003c
\u003C
XSS Strings: