XSS Payload Generator

Payload Load script ($.getScript()) Load script (document.createElement()) Request URL (img) Request URL (XHR) JavaScript code

Obfuscation None Pass as string Base64 (atob()) Reverse String.fromCharCode() Character hex codes JSF*ck

Execution None eval() window['eval']() window['\x65\x76\x61\x6c']() Function()() window['Function']()() window['\x46\x75\x6e\x63\x74\x69\x6f\x6e']()() setTimeout() window['setTimeout']() window['\x73\x65\x74\x54\x69\x6d\x65\x6f\x75\x74']()

Injection type Basic polyglot / inline script 0xsobky - Ultimate XSS Polyglot String variable escape img element onerror SVG element Element onclick Element onmouseover Custom element and event

Encoding

Output