XSS Security Test Post

Test 1: Script tag

document.title='XSS1-EXECUTED'

Test 2: Img onerror

Test 3: SVG onload

Test 4: javascript: URL

[Click me](javascript:document.title='XSS4-EXECUTED')

Test 5: Event handler on div

Click this div

Test 6: Iframe javascript

(Unsupported src)

Test 7: Body onload

Test 8: Input onfocus autofocus

Test 9: Details/summary with event

OpenContent

Test 10: Anchor with javascript href

Link

Test 11: Style with expression (IE)

test

Test 12: Math tag mXSS

Test 13: Object tag

Test 14: Embed tag

Test 15: Base tag hijack

Test 16: Meta refresh

Test 17: HTML entity encoded

Test 18: Unicode escape

unicode

Test 19: Data URI

data uri

Test 20: Form action

Submit

Test 21: Polyglot

jaVasCript:/-//*'/"//(/ */oNcliCk=document.title='XSS21' )//%0D%0A%0d%0a//</stYle/</telerik/</telerik/</titLe/</telerik/</teXtarEa/</telerik/</nOscRipt/-->">

Test 22: DOM Clobbering

clobber
proto clobber

Done - if document.title is still normal, XSS was blocked.