Reflected XSS (RXSS) into HTML context with nothing encoded

Stored XSS into HTML context with nothing encoded

DOM XSS in document.write sink using source location.search

DOM XSS in innerHTML sink using source location.search

DOM XSS in jQuery anchor href attribute sink using location.search source

DOM XSS in jQuery selector sink using a hashchange event

Reflected XSS into attribute with angle brackets HTML-encoded

Stored XSS into anchor href attribute with double quotes HTML-encoded

Reflected XSS into a JavaScript string with angle brackets HTML-encoded

DOM XSS in document.write sink using source location.search inside a select element

DOM XSS in AngularJS expression with angle brackets and double quotes HTML-encoded

Reflected DOM XSS

Stored DOM XSS

RXSS into HTML context with most tags and attributes blocked

RXSS into HTML context with all tags blocked except custom ones

RXSS with some SVG markup allowed

RXSS in canonical link tag

RXSS into a JavaScript string with single quote and backslash escaped

RXSS into a JavaScript string with angle brackets and double quotes HTML-encoded and single quotes escaped

Stored XSS (SXSS) into onclick event with angle brackets and double quotes HTML-encoded and single quotes and backslash escaped

SXSS into onclick event with angle brackets and double quotes HTML-encoded and single quotes and backslash escaped 2

RXSS into a template literal with angle brackets, single, double quotes, backslash and backticks Unicode-escaped

Exploiting XSS to perform CSRF

RXSS with AngularJS sandbox escape without strings

RXSS with AngularJS sandbox escape and CSP

Reflected XSS with event handlers and href attributes blocked

RXSS in a JavaScript URL with some characters blocked

RXSS protected by very strict CSP, with dangling markup attack

RXSS protected by CSP, with CSP bypass