By howo-test2 on Skatehive
XSS Security Test Post Test 1: Script tag document.title='XSS1-EXECUTED' Test 2: Img onerror Test 3: SVG onload Test 4: javascript: URL Click me Test 5: Event handler on div Click this div Test 6: Iframe javascript Test 7: Body onload Test 8: Input onfocus autofocus Test 9: Details/summary with event OpenContent Test 10: Anchor with javascript href Link Test 11: Style with expression (IE) test Test 12: Math tag mXSS Test 13: Object tag Test 14: Embed tag Test 15: Base tag hijack Test 16: Meta refresh Test 17: HTML entity encoded <script>document.title='XSS17-EXECUTED'</script> Test 18: Unicode escape unicode Test 19: Data URI document.title='XSS19-EXECUTED'">data uri Test 20: Form action Submit Test 21: Polyglot jaVasCript:/-//'/"//(/ */oNcliCk=document.title='XSS21' )//%0D%0A%0d%0a//"> Test 22: DOM Clobbering clobber proto clobber Done - if document.title is still normal, XSS was blocked.