Generation of Error Message Containing Sensitive Information in microweber/microweber
Valid
Reported on
Jan 19th 2022
Description
Sensitive information as part of the error is getting disclosed during the upload of an unrestricted file.
Steps to Reproduce
Instance 1
- Log in to the application https://demo.microweber.org
- Add a new post and upload an SVG file and you will see an error message getting Popped on the screen
Request
POST /demo/plupload HTTP/1.1
Host: demo.microweber.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------18722948012327188599867727395
Content-Length: 212649
Origin: https://demo.microweber.org
Connection: close
Referer: https://demo.microweber.org/demo/admin/post/25/edit
Cookie: laravel_session=yDq2fxz1F6K7BQePQdMXN9ypYMr6lXGl6W4ziCVS; remember_web_59ba36addc2b2f9401580f014c7f58ea4e30989d=2%7CTtYWLvivLcGGOKkv5QqtzWhOA7vw6wZPZIbryyJKGsVNHLLfQ4n75QWDNFH8%7C%242y%2410%24114oPbqv.UAg3ca706prIuSTMe3pAc9qYqT2gOBR1uldB9UTk%2FlYu; back_to_admin=https%3A//demo.microweber.org/demo/admin/post/25/edit; csrf-token-data=%7B%22value%22%3A%221VHBRRgD7b6L6V5p4Qt0ykutyKn8qtMThrx2oKvv%22%2C%22expiry%22%3A1642591579890%7D; mw-back-to-live-edit=true; show-sidebar-layouts=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
-----------------------------18722948012327188599867727395
Content-Disposition: form-data; name="name"
SVG_XSS.svg
-----------------------------18722948012327188599867727395
Content-Disposition: form-data; name="chunk"
0
-----------------------------18722948012327188599867727395
Content-Disposition: form-data; name="chunks"
1
-----------------------------18722948012327188599867727395
Content-Disposition: form-data; name="file"; filename="blob"
Content-Type: application/octet-stream
<!DOCTYPE html>
<html lang="en" data-color-mode="auto" data-light-theme="light" data-dark-theme="dark">
<head>
<meta charset="utf-8">
<link rel="dns-prefetch" href="https://github.githubassets.com">
<link rel="dns-prefetch" href="https://avatars.githubusercontent.com">
<link rel="dns-prefetch" href="https://github-cloud.s3.amazonaws.com">
<link rel="dns-prefetch" href="https://user-images.githubusercontent.com/">
<link rel="preconnect" href="https://github.githubassets.com" crossorigin>
<link rel="preconnect" href="https://avatars.githubusercontent.com">
<link crossorigin="anonymous" media="all" integrity="sha512-dkuYFW+ra8yYSt342e5pJEeslPSjMcrMvNxlYZMyM/X+/WJHDPvoCuGq3LFojI7B0dQWwZNRiPMnbi9IfUgTaA==" rel="stylesheet" href="https://github.githubassets.com/assets/light-764b98156fab6bcc984addf8d9ee6924.css" /><link crossorigin="anonymous" media="all" integrity="sha512-UrAu23+eyncWvaQFwsLbgSKtmLb2aH1bcT4hJnnRdkaPuY1eu9bumt33FyHHFDX8hskTUNWNkIsMCz7FWQQHwA==" rel="stylesheet" href="https://github.githubassets.com/assets/dark-52b02edb7f9eca7716bda405c2c2db81.css" /><link data-color-theme="dark_dimmed" crossorigin="anonymous" media="all" integrity="sha512-kyu73YWtU8Fu2e7p+Hv094CRhaTvr8yy95vc1SQ2+MeWVWakGeIh/lv9yIFaYAb8J3oM6uBLGcn1kS6M1GxBCQ==" rel="stylesheet" data-href="https://github.githubassets.com/assets/dark_dimmed-932bbbdd85ad53c16ed9eee9f87bf4f7.css" /><link data-color-theme="dark_high_contrast" crossorigin="anonymous" media="all" integrity="sha512-jZSKF7Gx8T/AFthO0CUkWWpG5EBlIZb+tIYu8KgP/kizn7fpXEiXJcB73GTZ69wSVVSZ6Y1Cw286qP7pVZr0gg==" rel="stylesheet" data-href="https://github.githubassets.com/assets/dark_high_contrast-8d948a17b1b1f13fc016d84ed0252459.css" /><link data-color-theme="dark_colorblind" crossorigin="anonymous" media="all" integrity="sha512-E02WD8opZPpYu6LM9dlUSIHQgXtLmzi1KxMnaN/SA7k6ILsvpNJjpkBPU1sC98MitAOkCNIe6ozqY8+pHnrHZg==" rel="stylesheet" data-href="https://github.githubassets.com/assets/dark_colorblind-134d960fca2964fa58bba2ccf5d95448.css" /><link data-color-theme="light_colorblind" crossorigin="anonymous" media="all" integrity="sha512-VWdBPHZj3WCDwaO0N2W8yvDZt7TNZohRIYK4sjjSU56485rCWazxnLr4p3DU8eqn2+eSj3CYYpw4+DzmwHOwew==" rel="stylesheet" data-href="https://github.githubassets.com/assets/light_colorblind-5567413c7663dd6083c1a3b43765bcca.css" /><link data-color-theme="light_high_contrast" crossorigin="anonymous" media="all" integrity="sha512-dw8LrBQMvo9HDd5lo2UEp/tvMVR6zJjrQkQTBVrhyaHDlL1p7UiQ9/xpqYxOz9s7s1Qh5Bjokuzu7NX0U5BeYA==" rel="stylesheet" data-href="https://github.githubassets.com/assets/light_high_contrast-770f0bac140cbe8f470dde65a36504a7.css" />
<link crossorigin="anonymous" media="all" integrity="sha512-JI4iu0GRJn8JWWjjFpgxE8twbc12j3AwRdPNfhhY1Uljw0IRWyLLaZ1KzRcbluo1g1lrchCk1/g5iqbnonk6aw==" rel="stylesheet" href="https://github.githubassets.com/assets/frameworks-248e22bb4191267f095968e316983113.css" />
<link crossorigin="anonymous" media="all" integrity="sha512-u9YXjpHx/H73kXVFWUac6MBcR7wIOe60Z0ddgAzQZyCHWJj6saO2C4iKRnzrrkAWYbg2mv4GDoA87rFJ0O/DFA==" rel="stylesheet" href="https://github.githubassets.com/assets/behaviors-bbd6178e91f1fc7ef791754559469ce8.css" />
<link crossorigin="anonymous" media="all" integrity="sha512-MCJFYfbQoT4EXC6aWx5Wghs8FC/jslHEeN2iWXphliccmede2dQlhIBTAUCBq9Yu5poltu4askungzvyCsycGg==" rel="stylesheet" href="https://github.githubassets.com/assets/tab-size-fix-30224561f6d0a13e045c2e9a5b1e5682.css" />
<link crossorigin="anonymous" media="all" integrity="sha512-45t+0/nYF4PCnaW9R7D0P66KnkasMk8YJ9+9SdFZYKeTRlLDElI5uAIjuUaJNnbf6o4vbnjOCFUXNL6UycWIlQ==" rel="stylesheet" href="https://github.githubassets.com/assets/github-e39b7ed3f9d81783c29da5bd47b0f43f.css" />
<script crossorigin="anonymous" defer="defer" integrity="sha512-xL/TCqX++9MMUrMlhro7FpcmPc1hJQ78V390q7dFTW3c/Uagp/4Py0XyOp2B2VNfyXXejIGaaPL69D4XMi6I3Q==" type="application/javascript" src="https://github.githubassets.com/assets/environment-c4bfd30a.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-fShHRup/esyktB8gUfk4UEDvGscgB1owt3auHE/N42BcBezls1MiNWmSv5Jy7mvRNvk3gIy+7mxrTHSfJgC1Pw==" type="application/javascript" src="https://github.githubassets.com/assets/chunk-frameworks-7d284746.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-EJrMWr2CjD94vCgVfSrOYzZ+HxC7+2x71ZjtMspWDIMT3AQqjKor9CRB20G/9FEeYygdlDK2jKflbH3rqK5g/w==" type="application/javascript" src="https://github.githubassets.com/assets/chunk-vendor-109acc5a.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-7vf6jzXUOnKa1ffxTMEE+r8RS4dkzJmBLwC9ZoIJGnexxTMrPCgDZtmZwubP5baExOZQU133DOu41yC89aqidA==" type="application/javascript" src="https://github.githubassets.com/assets/behaviors-eef7fa8f.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-ODZJzCJpaOfusrIka5QVZQcPiO9LBGyrrMYjhhJWSLuCN5WbZ5xiEiiOPOKVu71dqygyRdB2TY7AKPA1J5hqdg==" type="application/javascript" data-module-id="./chunk-unveil.js" data-src="https://github.githubassets.com/assets/chunk-unveil-383649cc.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-emPgUbSwW9ezLCgRnTE7n4fbbfc/MqEEDHmnkmG61dTyjWKHTYKN4wN3OPS7SY0fwmSJ8mB5+gng2nZw4/HsUg==" type="application/javascript" data-module-id="./chunk-animate-on-scroll.js" data-src="https://github.githubassets.com/assets/chunk-animate-on-scroll-7a63e051.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-ocfEAp6AJvGh4otXKow+AVJ14ysircwHagMkRQ3hoQvuy/U9agyT1cYKYiSYph1VLNaI/aAXwVd2go1pb3DD8A==" type="application/javascript" data-module-id="./chunk-input-demux.js" data-src="https://github.githubassets.com/assets/chunk-input-demux-a1c7c402.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-NTOP4z09gIe7czS8+1FJsErk9HK0eHFvRb5rw3s66rpoCkbeWdAZzMYJtSpTianmnc/fM51GrXn4PcS5Eu+sVQ==" type="application/javascript" data-module-id="./chunk-ref-selector.js" data-src="https://github.githubassets.com/assets/chunk-ref-selector-35338fe3.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-cvCTxUSxDHar4H+/68RGbmZHBf6zuy8SBHwgZdR3tB5dxL8LQ/zZ3yl5UWikpK1iT2XX+UEm1NaJausI2bo0SA==" type="application/javascript" data-module-id="./chunk-filter-input.js" data-src="https://github.githubassets.com/assets/chunk-filter-input-72f093c5.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-ynV5nM8UuCr4KZ/msFeRxRL6LnG+XUKzIfh6LNIzQ21ecjLVPvm53ghTE54aIuSUaHJWHnsYg8FRzycZIcRHiA==" type="application/javascript" data-module-id="./chunk-edit.js" data-src="https://github.githubassets.com/assets/chunk-edit-ca75799c.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-WaNkRh/O7vaD+7UwOOU4FOtNV2Npa7wgcJ8c8U/9wVd2XUD1WxdS0soI/m7KeE03aR/PdvGymCR58atKBhxcBg==" type="application/javascript" data-module-id="./chunk-responsive-underlinenav.js" data-src="https://github.githubassets.com/assets/chunk-responsive-underlinenav-59a36446.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-gmw7obKL/JEHWPp6zWFh+ynbXUFOidj1DN2aPiTDwP8Gair0moVuDmA340LD84A29I3ZPak19CEiumG+oIiseg==" type="application/javascript" data-module-id="./chunk-tag-input.js" data-src="https://github.githubassets.com/assets/chunk-tag-input-826c3ba1.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-Ao9llFIlj54ApuKf2QLboXukbu2h7MHfMmtYHrrsVe1lprKNLiA0usVcRpvruKhfT5STDuWm/GGmyx8ox27hWQ==" type="application/javascript" data-module-id="./chunk-notification-list-focus.js" data-src="https://github.githubassets.com/assets/chunk-notification-list-focus-028f6594.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-SPWd3rzrxmU6xW6vy1JPWCd+3uWFWmnd0MVGpmw/TpHWUAdLWDqL8kWyC/sBIZJmda4mTtUO1DHJQzAXRSrC+g==" type="application/javascript" data-module-id="./chunk-cookies.js" data-src="https://github.githubassets.com/assets/chunk-cookies-48f59dde.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-hjey7b0+UFZG85cw5+e+8/fHY3YiTdErWMpFZNpvEATl87TyXDWIAeQpK+KYZgGojs9Df161zUjYHzoDK8qndA==" type="application/javascript" data-module-id="./chunk-async-export.js" data-src="https://github.githubassets.com/assets/chunk-async-export-8637b2ed.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-tw9SApiMkftVBYeb6/VGhEwGNw8tlyBhXc9RVXH4UbCD6u+48uuCMvXf3bxvBdOld0OoYg83SnD2mgJWhdaTiQ==" type="application/javascript" data-module-id="./chunk-premium-runners.js" data-src="https://github.githubassets.com/assets/chunk-premium-runners-b70f5202.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-D576CjzS9sbDqFBJdq0Y6+KVMHXkO6mLFO/GRL1NtoE8jgXjAvmdjoZ4nNMWyDwqbtBHspvupORzE9L+YoBLYQ==" type="application/javascript" data-module-id="./chunk-get-repo-element.js" data-src="https://github.githubassets.com/assets/chunk-get-repo-element-0f9efa0a.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-x8vIlhju5IkvMKun7jYW4CTzHCXPkqSucCHUUMSwOSfS9Hba5w93pDLkP2f6YVjWUBtyMb8+hL2NTlFWuaOJzg==" type="application/javascript" data-module-id="./chunk-prefetched-provider.js" data-src="https://github.githubassets.com/assets/chunk-prefetched-provider-c7cbc896.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-xhSAO0KtnFAlRqAK+mg8BPj/J334ccvnCmmjmBQBCgZcsoO9teHJSS6oAn3XOWYFsWPU2JehwG7S3OVEbLwdUg==" type="application/javascript" data-module-id="./chunk-color-modes.js" data-src="https://github.githubassets.com/assets/chunk-color-modes-c614803b.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-jitxouuFY6SUcDZV5W3jhadVEIfFBfCQZxfPV3kxNnsWEBzbxMJFp0ccLb7+OlBjSs1zU/MNtuOV6T9Ay7lx4w==" type="application/javascript" data-module-id="./chunk-copy.js" data-src="https://github.githubassets.com/assets/chunk-copy-8e2b71a2.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-gwuBCPcczyGD5IyVEn/uqJXvT07GaVMryQC+ZfDhViO9r2JaqeAc4ooM3cVSjqo4m3IK6Y+boPI8MSf4mLlAgQ==" type="application/javascript" data-module-id="./chunk-voting.js" data-src="https://github.githubassets.com/assets/chunk-voting-830b8108.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-HDsLJf6gAN+WDFaJneJwmIY82XkZKWqeX7tStBLRh1XM53K8vMV6JZvjq/UQXszaNVWxWcuYtgYTG6ZWo8+QSw==" type="application/javascript" data-module-id="./chunk-confetti.js" data-src="https://github.githubassets.com/assets/chunk-confetti-1c3b0b25.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-vAs99bZfAF+pQjzGYSEM/dzYwm4SIxUxrcjdLuatAV6WJu/kfw8+s/SO7In/gHFhCR08sl7a38vA+dDmYAYHyQ==" type="application/javascript" data-module-id="./chunk-codemirror.js" data-src="https://github.githubassets.com/assets/chunk-codemirror-bc0b3df5.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-Gr3ZcJt5t73JeBM3NwOEziKyDZ3HpHwzqZL/c1pgTUfo+6QC5f88XXRw/RT6X2diwqvaa3OVFh0oWsZ9ZxhtdQ==" type="application/javascript" data-module-id="./chunk-tip.js" data-src="https://github.githubassets.com/assets/chunk-tip-1abdd970.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-EdQvlnI4Pu5Q6K0HCvp+mi0Vw9ZuwaEuhbnCbmFKX+c0xwiUWY0L3n9P0F6doLhaHhfpvW3718+miL11WG4BeA==" type="application/javascript" data-module-id="./chunk-line.js" data-src="https://github.githubassets.com/assets/chunk-line-11d42f96.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-4zSHP2sQXPKoN9jFy8q2ThHsQNej8s4qhubSR4g0/2dTexAEnoTG+RbaffdIhmjfghGjpS/DlE0cdSTFEOcipQ==" type="application/javascript" data-module-id="./chunk-array.js" data-src="https://github.githubassets.com/assets/chunk-array-e334873f.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-g8fb6U7h9SkWgiK69nfNMn4aN5D2YBYPZUbCIuLpemWoOw8NOaZY8Z0hPq4RUVs4+bYdCFR6K719k8lwFeUijg==" type="application/javascript" data-module-id="./chunk-band.js" data-src="https://github.githubassets.com/assets/chunk-band-83c7dbe9.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-ts+QjRdJ8l4YeV4z8foKCE8+AXJ3uSCGpWPjcVyut5LRzvgdtDXLpy1LYSyBpy7E0PlkRswBVgw1Va/EQ7d5lA==" type="application/javascript" data-module-id="./chunk-branch-from-issue-button.js" data-src="https://github.githubassets.com/assets/chunk-branch-from-issue-button-b6cf908d.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-4GJz2wyWwjq7P4hyx3qSkjvnTO7RG5cWvnePVXPB+Oji6MBVugAdl7kCTKbpX8+Ae2ONvGJwFzSc9A7m1pqzXw==" type="application/javascript" data-module-id="./chunk-toast.js" data-src="https://github.githubassets.com/assets/chunk-toast-e06273db.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-miaiZ1xkDsWBUsURHOmeYtbgVKQGnm1octCo/lDXUmPzDyjtubnHULRVw1AK+sttwdwyB0+LOyhIVAWCNSGx+A==" type="application/javascript" data-module-id="./chunk-delayed-loading-element.js" data-src="https://github.githubassets.com/assets/chunk-delayed-loading-element-9a26a267.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-GD25CNhMGDMzEmeFhUT0FILBupAkx5/CHohnYXOP1togy40O0iu/lASaSp3gV8ue0nwscalJVQqR5gKDRHHDVg==" type="application/javascript" data-module-id="./chunk-three.module.js" data-src="https://github.githubassets.com/assets/chunk-three.module-183db908.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-qwKkUOCe9NRy5gko6rOyhXg/96Ck+WNFqoHulZlxARmPG6viW1JmqVat5FS9QYB9aoCeyYY7vfrllz5+/JSieg==" type="application/javascript" data-module-id="./chunk-invitations.js" data-src="https://github.githubassets.com/assets/chunk-invitations-ab02a450.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-vFR+IqThljOLrAWmjhOL/kiQrjgZZg95uPovX0J7kRH5p7Y049LDRZaXLMDijfeqqk71d3MMn9XP5bUcH+lB9w==" type="application/javascript" data-module-id="./chunk-profile.js" data-src="https://github.githubassets.com/assets/chunk-profile-bc547e22.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-W3TFrSn3Iqu38aVxxYxFiNGzaVmLXtGfwRDVRH1RwRvqPVerX1fjQPEYag+HqAoWaGy5ssVFp42oyOIV93afBw==" type="application/javascript" data-module-id="./chunk-overview.js" data-src="https://github.githubassets.com/assets/chunk-overview-5b74c5ad.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-pTTrav4l7gbsAu4I8D/EeswJmvjNoSDQG+m8IxXwFHEZ1guasobEmCNB3H5gy9brild3bKp5LqpoPzwx631/rA==" type="application/javascript" data-module-id="./chunk-advanced.js" data-src="https://github.githubassets.com/assets/chunk-advanced-a534eb6a.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-vaGnAx5Fp/lV6x+tWNtSKS8H0hTaiXw2b4N16r0CYjAQ6Gcjl1BOWqWgmPPisyYO4drrI8Qz9rWJCWYTuOchjw==" type="application/javascript" data-module-id="./chunk-runner-groups.js" data-src="https://github.githubassets.com/assets/chunk-runner-groups-bda1a703.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-5H5N/3G/20nmVKntphXb9z0H9q3URFDmHSccLhFkMSA8ILAA9mYlRKCWAWoDcl/W437jtGw1tIxjWStfInvidw==" type="application/javascript" data-module-id="./chunk-profile-pins-element.js" data-src="https://github.githubassets.com/assets/chunk-profile-pins-element-e47e4dff.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-6WJL+zyYirKxwD8MNBenuxbMKvCeskXBrXISNlqhV3kltmI8kiSjUX0nDQM3fXeSakcll12sYS8Pli1GFPtG9Q==" type="application/javascript" data-module-id="./chunk-emoji-picker-element.js" data-src="https://github.githubassets.com/assets/chunk-emoji-picker-element-e9624bfb.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-EvJ2Fip59DXgARNuwTWgjdVqoCjhXQL73SP9yexijlWStKq92sfbKeGK5R4wIP0QOr39WsnW/Kaw3Wpl1QPfog==" type="application/javascript" data-module-id="./chunk-edit-hook-secret-element.js" data-src="https://github.githubassets.com/assets/chunk-edit-hook-secret-element-12f27616.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-91JzWtpBUoC7Z4dQpeXRegjwCMooGPFtg/vXxaIGVTxguoOcI/hEdyM7otQGRNQmMencK71thI0oGt11Wgfrww==" type="application/javascript" data-module-id="./chunk-insights-query.js" data-src="https://github.githubassets.com/assets/chunk-insights-query-f752735a.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-A4+sPduE2X0cc/19SihtArg8rOMkWCEKVPijHL3aIEuIRZTPi2ANE9Tem3m7omxDllmvPRqwCxL/snQqYRFslA==" type="application/javascript" data-module-id="./chunk-remote-clipboard-copy.js" data-src="https://github.githubassets.com/assets/chunk-remote-clipboard-copy-038fac3d.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-eO/r0W5ywI2kxVkcH8yquw3n5Gh+cA8lVOgxd+ecgJYU81FB4Q5FqFxgHhx1omigPwexB4ltwXBMDhSeW6qNeQ==" type="application/javascript" data-module-id="./chunk-series-table.js" data-src="https://github.githubassets.com/assets/chunk-series-table-78efebd1.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-eCSMVL1aAfhWSme4/3seObqN3HNdkxWVKaAX5bmZmxIXZdv0ixnuFJeESYdLeMED/wQETtQ971A03mLF3ZX8eQ==" type="application/javascript" data-module-id="./chunk-line-chart.js" data-src="https://github.githubassets.com/assets/chunk-line-chart-78248c54.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-rZhcZvsxbGBxibYeNv4aHYZkgZzW6xnRcAqmuOCbq/ehJgr75pxgiV7HrGrYrX9HNmyH8T+90HC9WSBZNM4L3g==" type="application/javascript" data-module-id="./chunk-bar-chart.js" data-src="https://github.githubassets.com/assets/chunk-bar-chart-ad985c66.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-/QP5yDdYoor56F2+SyPr/8a9FtvCZnnGP0d+lSAHQR5n+xYjaiY6LjJGB/x1cevAH8r4XY/axNN9fRWIfbwAcA==" type="application/javascript" data-module-id="./chunk-stacked-area-chart.js" data-src="https://github.githubassets.com/assets/chunk-stacked-area-chart-fd03f9c8.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-vpoUvguAAa407MM8rCOkmVR8haIGkvj5iav0VFOnIQc0cGwu+pm7QdqhY2HMB5WGdFC0zJgLfVSY+dgr5rKKLg==" type="application/javascript" data-module-id="./chunk-presence-avatars.js" data-src="https://github.githubassets.com/assets/chunk-presence-avatars-be9a14be.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-TpHTIXhA/2bI21CVmFL1oS3dv+8zveJVZLOVVAZwXNAAI94Hy70L9vT3Q1Vvkyu4Z2gi2iFdy1a53pfYlEDgnQ==" type="application/javascript" data-module-id="./chunk-pulse-authors-graph-element.js" data-src="https://github.githubassets.com/assets/chunk-pulse-authors-graph-element-4e91d321.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-aNAcFMlIdG1ocY5LnZylnN/6KXiJxyPvKg7y1Jnai732wdnrjXazcvNiQkRnj5FY8WP6JRa3K4doCReA4nhj7w==" type="application/javascript" data-module-id="./chunk-stacks-input-config-view.js" data-src="https://github.githubassets.com/assets/chunk-stacks-input-config-view-68d01c14.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-bbW4T9/r8Np2kfViflgQnNiRYxuqR7rLgtTFUkdFLvok75aQSUlYsD5wXqKPpttPfvKicBAgztCOTkpNMPSQLA==" type="application/javascript" data-module-id="./chunk-community-contributions.js" data-src="https://github.githubassets.com/assets/chunk-community-contributions-6db5b84f.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-Kpqa6sgByBKUyzDDVVdWoGttf2SAPsHt7fGHAS7gB62Ve7KemFKz3+gvVJsvBsrErVm/eQQYT/U+kDHbnr3tFA==" type="application/javascript" data-module-id="./chunk-discussion-page-views.js" data-src="https://github.githubassets.com/assets/chunk-discussion-page-views-2a9a9aea.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-+EMrCbglrI+ow8JMBlikKWUdEVlJjllBRZFnYWVfaRXbBO1eIGSa6LV6qBRvRPPVvS+sw1SiOhBHQhGy053CJA==" type="application/javascript" data-module-id="./chunk-discussions-daily-contributors.js" data-src="https://github.githubassets.com/assets/chunk-discussions-daily-contributors-f8432b09.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-JFlBSiDVD4MXke66qKnk36YUTW3leIZNOH2wqYmOKuxS7BsWCRmcrYrUU5plAKfsSDym1Lqf2bwpEOuVY0DCbw==" type="application/javascript" data-module-id="./chunk-discussions-new-contributors.js" data-src="https://github.githubassets.com/assets/chunk-discussions-new-contributors-2459414a.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-TLQillrC8dagau7Smjy8GmWx3jhSvBCnkTPMStBL7tvLAaowBuGx38ICPFBdM+3ammiRlfXAaEe5OdpimWnnmQ==" type="application/javascript" data-module-id="./chunk-tweetsodium.js" data-src="https://github.githubassets.com/assets/chunk-tweetsodium-4cb42296.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-n/DsfzdSaU1bKi3ivZXXs7iMfsOrJlAA79kXzcW7GRKzae6PKBcWfvADd06iCozz06qaJWUMlbbEzzOK2jh50g==" type="application/javascript" data-module-id="./chunk-jump-to.js" data-src="https://github.githubassets.com/assets/chunk-jump-to-9ff0ec7f.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-XDr8QWIAI1E/liTdL7vUrMoqB9hL6z1+ab25o0pGeJmUZg6XiRmtxB6odVW9Ak3q/e5BJGiZtmeHKS3Fo/AA6w==" type="application/javascript" data-module-id="./chunk-user-status-submit.js" data-src="https://github.githubassets.com/assets/chunk-user-status-submit-5c3afc41.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-L2jxBDS9QAN9O1qn7LqMcs0YJn/gF6xW73zSbWPRlVCEnG05dexaoJWkAG6RqALTnXLsj2GTUKnba6DATR828g==" type="application/javascript" data-module-id="./chunk-launch-code-element.js" data-src="https://github.githubassets.com/assets/chunk-launch-code-element-2f68f104.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-cvjyIYhR2ZkuFAXHYZSjPTc5wXYOdISgqbXw69CXpDXdxffXmXuzjCcGJNVk3mDNYsVH4Q9sb2UMNPFrNxxRUQ==" type="application/javascript" data-module-id="./chunk-metric-selection-element.js" data-src="https://github.githubassets.com/assets/chunk-metric-selection-element-72f8f221.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-/2Oeznu4Qh8QuYb4OvlxCrx/tIfHWnJrhjNFW7MOl0nRMSVUPowbUJ4F+HpdkepXw/OZkF22CN7CN1dRv8bJmQ==" type="application/javascript" data-module-id="./chunk-severity-calculator-element.js" data-src="https://github.githubassets.com/assets/chunk-severity-calculator-element-ff639ece.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-qyKiiHoQgmZhPRV7QexCydpjeAl9ryNe0g8r+9eaXogC2a6R4iOXRVZvJLv0rDwACJHhba6t/FFm67Q/5vXypA==" type="application/javascript" data-module-id="./chunk-command-palette-page-element.js" data-src="https://github.githubassets.com/assets/chunk-command-palette-page-element-ab22a288.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-7tuVhi/5l3tU55d+BrN6T/sfSnp/K+AOJxNIaiqjsSndTpU/V/z7+nBgEbCtZqiJoTv0DAQvYiVYbT0RsYiYPg==" type="application/javascript" data-module-id="./chunk-command-palette-page-stack-element.js" data-src="https://github.githubassets.com/assets/chunk-command-palette-page-stack-element-eedb9586.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-4Dvmms6NEhoUtRIOVySQyuxo4pc+5+AUsmnzfsDOXFRwjBHepSwTGqsbO+hHpBzrtYIjqIjaXA+6cDjyJy+HqA==" type="application/javascript" data-module-id="./chunk-readme-toc-element.js" data-src="https://github.githubassets.com/assets/chunk-readme-toc-element-e03be69a.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-aGaoVKNIqNkSpelOnfn0UCDbQLW2XBUVVkOOgVZXFNDfgJgFQNMXALc0964DwIi9kYrkYQIShePOSMFo20hHkw==" type="application/javascript" data-module-id="./chunk-feature-callout-element.js" data-src="https://github.githubassets.com/assets/chunk-feature-callout-element-6866a854.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-qNDdxgftImxudCMmfMmcxMBXvelYxSupLrG9ehwER1lFAGR6AND7oYQV5AwDd6+ebC75Pag2r8vRkMpZMuicPA==" type="application/javascript" data-module-id="./chunk-codespaces-policy-form-element.js" data-src="https://github.githubassets.com/assets/chunk-codespaces-policy-form-element-a8d0ddc6.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-+aCVCMGHjL+zXInuzIJ4VEykZcUNHS0rSsd1wj/21i2qS3C3J3ErL/8hYR8E+j9+qIRzpyJyKTYlCgajVbFL3g==" type="application/javascript" data-module-id="./chunk-action-list-element.js" data-src="https://github.githubassets.com/assets/chunk-action-list-element-f9a09508.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-VgXsf/QtnIz5B5ngpQiPBYgV/RiukslwG4v/s5UnI65K7zovAljy0GmrHxC/V4duAZr+gHBZR3m+DVPYWANq9A==" type="application/javascript" data-module-id="./chunk-memex-project-picker-element.js" data-src="https://github.githubassets.com/assets/chunk-memex-project-picker-element-5605ec7f.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-ooYcnNLBDnMePhMvdQEQiItFZowYg4gwklGZGCrAWPW1LCxePPkzB1kr8U3Bay0NPKYEDmICeXBqqDPd8EDmqA==" type="application/javascript" data-module-id="./chunk-project-picker-element.js" data-src="https://github.githubassets.com/assets/chunk-project-picker-element-a2861c9c.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-YYzSijUU1oA10iMuvfzSHMK7vrQzu8aiLpIfD13kpcq2KVMqdOrIASINY5sBUNPNFZbSLKmBfTcEXEKVcQZHfQ==" type="application/javascript" data-module-id="./chunk-sortable-behavior.js" data-src="https://github.githubassets.com/assets/chunk-sortable-behavior-618cd28a.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-6JUQHgkTqBaCCdDugMcO4fQ8YxUHk+m6rwVp2Wxa4FMVz6BbBMPOzGluT4wBq8NTUcFv6DnXSOnt5e85jNgpGg==" type="application/javascript" data-module-id="./chunk-drag-drop.js" data-src="https://github.githubassets.com/assets/chunk-drag-drop-e895101e.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-3W46fSBMvt8hnBUTSCHAAPbt4DHI5VXdI2qT0YMyv8sco5NvjmGHp2M0OlTNxepPEOb8LCplxxzCwrgMubsIug==" type="application/javascript" data-module-id="./chunk-contributions-spider-graph.js" data-src="https://github.githubassets.com/assets/chunk-contributions-spider-graph-dd6e3a7d.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-VQRofBwNZhBa4vBuw0P5bjjlVtO2R+l1M0TOfMZHX1bB7xy//CFwqmyaL24rLfgLx8sahKZ7eEw1o+nkFoUzNA==" type="application/javascript" data-module-id="./chunk-webgl-warp.js" data-src="https://github.githubassets.com/assets/chunk-webgl-warp-5504687c.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-BJqv3ogFAmgB/cS8ozwg7TYR1N8edObpg4+nDyb+tos+hcoeR0Yx9jeG/PzXFy2Nod4Kr9eKqzEe3yiCjGGytg==" type="application/javascript" src="https://github.githubassets.com/assets/repositories-049aafde.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-ZZ/HJQDZ5CXnjvOI1QJ9ZwPEqp5us5aY8iY/NsX/NoWfV41bw4p09gHYClgOn4K/4DQPeFMU4u6peLMWPBs9uQ==" type="application/javascript" src="https://github.githubassets.com/assets/diffs-659fc725.js"></script>
<meta name="viewport" content="width=device-width">
<title>PayloadsAllTheThings/SVG_XSS.svg at master · swisskyrepo/PayloadsAllTheThings</title>
<meta name="description" content="A list of useful payloads and bypass for Web Application Security and Pentest/CTF - PayloadsAllTheThings/SVG_XSS.svg at master · swisskyrepo/PayloadsAllTheThings">
<link rel="search" type="application/opensearchdescription+xml" href="/opensearch.xml" title="GitHub">
<link rel="fluid-icon" href="https://github.com/fluidicon.png" title="GitHub">
<meta property="fb:app_id" content="1401488693436528">
<meta name="apple-itunes-app" content="app-id=1477376905" />
<meta name="twitter:image:src" content="https://repository-images.githubusercontent.com/71220757/c7175e80-dafd-11ea-8e0b-9c42c639ae35" /><meta name="twitter:site" content="@github" /><meta name="twitter:card" content="summary_large_image" /><meta name="twitter:title" content="PayloadsAllTheThings/SVG_XSS.svg at master · swisskyrepo/PayloadsAllTheThings" /><meta name="twitter:description" content="A list of useful payloads and bypass for Web Application Security and Pentest/CTF - PayloadsAllTheThings/SVG_XSS.svg at master · swisskyrepo/PayloadsAllTheThings" />
<meta property="og:image" content="https://repository-images.githubusercontent.com/71220757/c7175e80-dafd-11ea-8e0b-9c42c639ae35" /><meta property="og:image:alt" content="A list of useful payloads and bypass for Web Application Security and Pentest/CTF - PayloadsAllTheThings/SVG_XSS.svg at master · swisskyrepo/PayloadsAllTheThings" /><meta property="og:site_name" content="GitHub" /><meta property="og:type" content="object" /><meta property="og:title" content="PayloadsAllTheThings/SVG_XSS.svg at master · swisskyrepo/PayloadsAllTheThings" /><meta property="og:url" content="https://github.com/swisskyrepo/PayloadsAllTheThings" /><meta property="og:description" content="A list of useful payloads and bypass for Web Application Security and Pentest/CTF - PayloadsAllTheThings/SVG_XSS.svg at master · swisskyrepo/PayloadsAllTheThings" />
<link rel="assets" href="https://github.githubassets.com/">
<link rel="shared-web-socket" href="wss://alive.github.com/_sockets/u/77883099/ws?session=eyJ2IjoiVjMiLCJ1Ijo3Nzg4MzA5OSwicyI6ODEzODM4MjkyLCJjIjo0NzM4OTAxNCwidCI6MTY0MjU4OTQyMX0=--c68b0ba2de485a84e13d6ced8f1d48ce8c4d22a7aaaf5e49e80e6bb5697905d8" data-refresh-url="/_alive" data-session-id="6cc1e7d0689a0e9f3188878ab69c327cad510dd17af7d905e8ae5ffcb198fe61">
<link rel="shared-web-socket-src" href="/assets-cdn/worker/socket-worker-9c817d86.js">
<link rel="sudo-modal" href="/sessions/sudo_modal">
<meta name="request-id" content="D27E:5B83:8B2F2A:9C8043:61E7ECC6" data-pjax-transient="true" /><meta name="html-safe-nonce" content="a671ce15deee10b74be20f6dd80a72c3dc667c9098461850e0cd6e8e7f649856" data-pjax-transient="true" /><meta name="visitor-payload" content="eyJyZWZlcnJlciI6Imh0dHBzOi8vZ2l0aHViLmNvbS9zd2lzc2t5cmVwby9QYXlsb2Fkc0FsbFRoZVRoaW5ncy90cmVlL21hc3Rlci9YU1MlMjBJbmplY3Rpb24vRmlsZXMiLCJyZXF1ZXN0X2lkIjoiRDI3RTo1QjgzOjhCMkYyQTo5QzgwNDM6NjFFN0VDQzYiLCJ2aXNpdG9yX2lkIjoiNDAzNTc3MTEyODAzMjkxNTM2MiIsInJlZ2lvbl9lZGdlIjoiYXAtc291dGgtMSIsInJlZ2lvbl9yZW5kZXIiOiJpYWQifQ==" data-pjax-transient="true" /><meta name="visitor-hmac" content="64e2252c7d2654626fc40c234865953d60b9e5ce21d6f154d1992ba6e9b66bfe" data-pjax-transient="true" />
<meta name="hovercard-subject-tag" content="repository:71220757" data-pjax-transient>
<meta name="github-keyboard-shortcuts" content="repository,source-code" data-pjax-transient="true" />
<meta name="selected-link" value="repo_source" data-pjax-transient>
<meta name="google-site-verification" content="c1kuD-K2HIVF635lypcsWPoD4kilo5-jA_wBFyT4uMY">
<meta name="google-site-verification" content="KT5gs8h0wvaagLKAVWq8bbeNwnZZK1r1XQysX3xurLU">
<meta name="google-site-verification" content="ZzhVyEFwb7w3e0-uOTltm8Jsck2F5StVihD0exw2fsA">
<meta name="google-site-verification" content="GXs5KoUUkNCoaAZn7wPN-t01Pywp9M3sEjnt_3_ZWPc">
<meta name="octolytics-url" content="https://collector.githubapp.com/github/collect" /><meta name="octolytics-actor-id" content="77883099" /><meta name="octolytics-actor-login" content="shubh123-tri" /><meta name="octolytics-actor-hash" content="06ddeedd9c3f3014057e6a2036bf3f8388e687d5113781922932292f09bcd0e2" />
<meta name="analytics-location" content="/<user-name>/<repo-name>/blob/show" data-pjax-transient="true" />
<meta name="optimizely-datafile" content="{"version": "4", "rollouts": [], "typedAudiences": [], "anonymizeIP": true, "projectId": "16737760170", "variables": [], "featureFlags": [], "experiments": [{"status": "Running", "audienceIds": [], "variations": [{"variables": [], "id": "20438636352", "key": "control"}, {"variables": [], "id": "20484957397", "key": "treatment"}], "id": "20479227424", "key": "growth_ghec_onboarding_experience", "layerId": "20467848595", "trafficAllocation": [{"entityId": "20484957397", "endOfRange": 1000}, {"entityId": "20484957397", "endOfRange": 3000}, {"entityId": "20484957397", "endOfRange": 5000}, {"entityId": "20484957397", "endOfRange": 6000}, {"entityId": "20484957397", "endOfRange": 8000}, {"entityId": "20484957397", "endOfRange": 10000}], "forcedVariations": {"85e2238ce2b9074907d7a3d91d6feeae": "control"}}, {"status": "Running", "audienceIds": [], "variations": [{"variables": [], "id": "20667381018", "key": "control"}, {"variables": [], "id": "20680930759", "key": "treatment"}], "id": "20652570897", "key": "project_genesis", "layerId": "20672300363", "trafficAllocation": [{"entityId": "20667381018", "endOfRange": 5000}, {"entityId": "20680930759", "endOfRange": 10000}], "forcedVariations": {"83356e17066d336d1803024138ecb683": "treatment", "18e31c8a9b2271332466133162a4aa0d": "treatment", "10f8ab3fbc5ebe989a36a05f79d48f32": "treatment", "1686089f6d540cd2deeaec60ee43ecf7": "treatment"}}], "audiences": [{"conditions": "[\"or\", {\"match\": \"exact\", \"name\": \"$opt_dummy_attribute\", \"type\": \"custom_attribute\", \"value\": \"$opt_dummy_value\"}]", "id": "$opt_dummy_audience", "name": "Optimizely-Generated Audience for Backwards Compatibility"}], "groups": [], "sdkKey": "WTc6awnGuYDdG98CYRban", "environmentKey": "production", "attributes": [{"id": "16822470375", "key": "user_id"}, {"id": "17143601254", "key": "spammy"}, {"id": "18175660309", "key": "organization_plan"}, {"id": "18813001570", "key": "is_logged_in"}, {"id": "19073851829", "key": "geo"}, {"id": "20175462351", "key": "requestedCurrency"}, {"id": "20785470195", "key": "country_code"}], "botFiltering": false, "accountId": "16737760170", "events": [{"experimentIds": [], "id": "17911811441", "key": "hydro_click.dashboard.teacher_toolbox_cta"}, {"experimentIds": [], "id": "18124116703", "key": "submit.organizations.complete_sign_up"}, {"experimentIds": [], "id": "18145892387", "key": "no_metric.tracked_outside_of_optimizely"}, {"experimentIds": [], "id": "18178755568", "key": "click.org_onboarding_checklist.add_repo"}, {"experimentIds": [], "id": "18180553241", "key": "submit.repository_imports.create"}, {"experimentIds": [], "id": "18186103728", "key": "click.help.learn_more_about_repository_creation"}, {"experimentIds": [], "id": "18188530140", "key": "test_event.do_not_use_in_production"}, {"experimentIds": [], "id": "18191963644", "key": "click.empty_org_repo_cta.transfer_repository"}, {"experimentIds": [], "id": "18195612788", "key": "click.empty_org_repo_cta.import_repository"}, {"experimentIds": [], "id": "18210945499", "key": "click.org_onboarding_checklist.invite_members"}, {"experimentIds": [], "id": "18211063248", "key": "click.empty_org_repo_cta.create_repository"}, {"experimentIds": [], "id": "18215721889", "key": "click.org_onboarding_checklist.update_profile"}, {"experimentIds": [], "id": "18224360785", "key": "click.org_onboarding_checklist.dismiss"}, {"experimentIds": [], "id": "18234832286", "key": "submit.organization_activation.complete"}, {"experimentIds": [], "id": "18252392383", "key": "submit.org_repository.create"}, {"experimentIds": [], "id": "18257551537", "key": "submit.org_member_invitation.create"}, {"experimentIds": [], "id": "18259522260", "key": "submit.organization_profile.update"}, {"experimentIds": [], "id": "18564603625", "key": "view.classroom_select_organization"}, {"experimentIds": [], "id": "18568612016", "key": "click.classroom_sign_in_click"}, {"experimentIds": [], "id": "18572592540", "key": "view.classroom_name"}, {"experimentIds": [], "id": "18574203855", "key": "click.classroom_create_organization"}, {"experimentIds": [], "id": "18582053415", "key": "click.classroom_select_organization"}, {"experimentIds": [], "id": "18589463420", "key": "click.classroom_create_classroom"}, {"experimentIds": [], "id": "18591323364", "key": "click.classroom_create_first_classroom"}, {"experimentIds": [], "id": "18591652321", "key": "click.classroom_grant_access"}, {"experimentIds": [], "id": "18607131425", "key": "view.classroom_creation"}, {"experimentIds": ["20479227424"], "id": "18831680583", "key": "upgrade_account_plan"}, {"experimentIds": [], "id": "19064064515", "key": "click.signup"}, {"experimentIds": [], "id": "19075373687", "key": "click.view_account_billing_page"}, {"experimentIds": [], "id": "19077355841", "key": "click.dismiss_signup_prompt"}, {"experimentIds": [], "id": "19079713938", "key": "click.contact_sales"}, {"experimentIds": [], "id": "19120963070", "key": "click.compare_account_plans"}, {"experimentIds": [], "id": "19151690317", "key": "click.upgrade_account_cta"}, {"experimentIds": [], "id": "19424193129", "key": "click.open_account_switcher"}, {"experimentIds": [], "id": "19520330825", "key": "click.visit_account_profile"}, {"experimentIds": [], "id": "19540970635", "key": "click.switch_account_context"}, {"experimentIds": [], "id": "19730198868", "key": "submit.homepage_signup"}, {"experimentIds": [], "id": "19820830627", "key": "click.homepage_signup"}, {"experimentIds": [], "id": "19988571001", "key": "click.create_enterprise_trial"}, {"experimentIds": [], "id": "20036538294", "key": "click.create_organization_team"}, {"experimentIds": [], "id": "20040653299", "key": "click.input_enterprise_trial_form"}, {"experimentIds": [], "id": "20062030003", "key": "click.continue_with_team"}, {"experimentIds": [], "id": "20068947153", "key": "click.create_organization_free"}, {"experimentIds": [], "id": "20086636658", "key": "click.signup_continue.username"}, {"experimentIds": [], "id": "20091648988", "key": "click.signup_continue.create_account"}, {"experimentIds": [], "id": "20103637615", "key": "click.signup_continue.email"}, {"experimentIds": [], "id": "20111574253", "key": "click.signup_continue.password"}, {"experimentIds": [], "id": "20120044111", "key": "view.pricing_page"}, {"experimentIds": [], "id": "20152062109", "key": "submit.create_account"}, {"experimentIds": [], "id": "20165800992", "key": "submit.upgrade_payment_form"}, {"experimentIds": [], "id": "20171520319", "key": "submit.create_organization"}, {"experimentIds": [], "id": "20222645674", "key": "click.recommended_plan_in_signup.discuss_your_needs"}, {"experimentIds": [], "id": "20227443657", "key": "submit.verify_primary_user_email"}, {"experimentIds": [], "id": "20234607160", "key": "click.recommended_plan_in_signup.try_enterprise"}, {"experimentIds": [], "id": "20238175784", "key": "click.recommended_plan_in_signup.team"}, {"experimentIds": [], "id": "20239847212", "key": "click.recommended_plan_in_signup.continue_free"}, {"experimentIds": [], "id": "20251097193", "key": "recommended_plan"}, {"experimentIds": [], "id": "20438619534", "key": "click.pricing_calculator.1_member"}, {"experimentIds": [], "id": "20456699683", "key": "click.pricing_calculator.15_members"}, {"experimentIds": [], "id": "20467868331", "key": "click.pricing_calculator.10_members"}, {"experimentIds": [], "id": "20476267432", "key": "click.trial_days_remaining"}, {"experimentIds": ["20479227424"], "id": "20476357660", "key": "click.discover_feature"}, {"experimentIds": [], "id": "20479287901", "key": "click.pricing_calculator.custom_members"}, {"experimentIds": [], "id": "20481107083", "key": "click.recommended_plan_in_signup.apply_teacher_benefits"}, {"experimentIds": [], "id": "20483089392", "key": "click.pricing_calculator.5_members"}, {"experimentIds": ["20479227424", "20652570897"], "id": "20484283944", "key": "click.onboarding_task"}, {"experimentIds": [], "id": "20484996281", "key": "click.recommended_plan_in_signup.apply_student_benefits"}, {"experimentIds": ["20479227424"], "id": "20486713726", "key": "click.onboarding_task_breadcrumb"}, {"experimentIds": ["20479227424"], "id": "20490791319", "key": "click.upgrade_to_enterprise"}, {"experimentIds": ["20479227424"], "id": "20491786766", "key": "click.talk_to_us"}, {"experimentIds": ["20479227424"], "id": "20494144087", "key": "click.dismiss_enterprise_trial"}, {"experimentIds": ["20479227424", "20652570897"], "id": "20499722759", "key": "completed_all_tasks"}, {"experimentIds": ["20479227424", "20652570897"], "id": "20500710104", "key": "completed_onboarding_tasks"}, {"experimentIds": ["20479227424"], "id": "20513160672", "key": "click.read_doc"}, {"experimentIds": ["20652570897"], "id": "20516196762", "key": "actions_enabled"}, {"experimentIds": ["20479227424"], "id": "20518980986", "key": "click.dismiss_trial_banner"}, {"experimentIds": [], "id": "20535446721", "key": "click.issue_actions_prompt.dismiss_prompt"}, {"experimentIds": [], "id": "20557002247", "key": "click.issue_actions_prompt.setup_workflow"}, {"experimentIds": [], "id": "20595070227", "key": "click.pull_request_setup_workflow"}, {"experimentIds": [], "id": "20626600314", "key": "click.seats_input"}, {"experimentIds": [], "id": "20642310305", "key": "click.decrease_seats_number"}, {"experimentIds": [], "id": "20662990045", "key": "click.increase_seats_number"}, {"experimentIds": [], "id": "20679620969", "key": "click.public_product_roadmap"}, {"experimentIds": ["20479227424"], "id": "20761240940", "key": "click.dismiss_survey_banner"}, {"experimentIds": ["20479227424"], "id": "20767210721", "key": "click.take_survey"}, {"experimentIds": ["20652570897"], "id": "20795281201", "key": "click.archive_list"}, {"experimentIds": [], "id": "20966790249", "key": "contact_sales.submit"}, {"experimentIds": [], "id": "20996500333", "key": "contact_sales.existing_customer"}, {"experimentIds": [], "id": "20996890162", "key": "contact_sales.blank_message_field"}, {"experimentIds": [], "id": "21000470317", "key": "contact_sales.personal_email"}, {"experimentIds": [], "id": "21002790172", "key": "contact_sales.blank_phone_field"}], "revision": "1033"}" />
<!-- To prevent page flashing, the optimizely JS needs to be loaded in the
<head> tag before the DOM renders -->
<script crossorigin="anonymous" defer="defer" integrity="sha512-ftehb12i+5yPbdWYQA9undOSmChRnlmPOu8Y8aHeQMSru96M+RhhcvdWb79Cc80MBCaPkqhyJ+2Lmnys5X5gKQ==" type="application/javascript" src="https://github.githubassets.com/assets/optimizely-7ed7a16f.js"></script>
<meta name="hostname" content="github.com">
<meta name="user-login" content="shubh123-tri">
<meta name="expected-hostname" content="github.com">
<meta name="js-proxy-site-detection-payload" content="M2M1ZmFlMjY3ODY3OTkyZmJkZDJhNWJlOTAwZjZlOTM0YjY0ZDEzZDJjN2I2ODQyZTNmYjIxOTBlNmM5ZjJkZXx7InJlbW90ZV9hZGRyZXNzIjoiMTE3LjIyMi4zMS4xNTMiLCJyZXF1ZXN0X2lkIjoiRDI3RTo1QjgzOjhCMkYyQTo5QzgwNDM6NjFFN0VDQzYiLCJ0aW1lc3RhbXAiOjE2NDI1ODk0MjEsImhvc3QiOiJnaXRodWIuY29tIn0=">
<meta name="keyboard-shortcuts-preference" content="all">
<script type="application/json" id="memex_keyboard_shortcuts_preference">"all"</script>
<meta name="enabled-features" content="ACTIONS_CALLABLE_WORKFLOWS,MARKETPLACE_PENDING_INSTALLATIONS,PRESENCE_IDLE">
<meta http-equiv="x-pjax-version" content="9bf76e3222ad0fb94b275a409ef7cc307494ab94eecb928b93a3e8bd0b138211">
<meta http-equiv="x-pjax-csp-version" content="9ea82e8060ac9d44365bfa193918b70ed58abd9413362ba412abb161b3a8d1b6">
<meta http-equiv="x-pjax-css-version" content="e9cf6d68e51d6efb45ed9c610496c6e225306840686a1146647be9e04a4e6f9a">
<meta http-equiv="x-pjax-js-version" content="08b05f872939e0caa00aa39b3770bf459a0b6064965c2e2ef0af054affa69b33">
<meta name="octolytics-dimension-user_id" content="12152583" /><meta name="octolytics-dimension-user_login" content="swisskyrepo" /><meta name="octolytics-dimension-repository_id" content="71220757" /><meta name="octolytics-dimension-repository_nwo" content="swisskyrepo/PayloadsAllTheThings" /><meta name="octolytics-dimension-repository_public" content="true" /><meta name="octolytics-dimension-repository_is_fork" content="false" /><meta name="octolytics-dimension-repository_network_root_id" content="71220757" /><meta name="octolytics-dimension-repository_network_root_nwo" content="swisskyrepo/PayloadsAllTheThings" />
<link rel="canonical" href="https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/XSS%20Injection/Files/SVG_XSS.svg" data-pjax-transient>
<meta name="browser-stats-url" content="https://api.github.com/_private/browser/stats">
<meta name="browser-errors-url" content="https://api.github.com/_private/browser/errors">
<meta name="browser-optimizely-client-errors-url" content="https://api.github.com/_private/browser/optimizely_client/errors">
<link rel="mask-icon" href="https://github.githubassets.com/pinned-octocat.svg" color="#000000">
<link rel="alternate icon" class="js-site-favicon" type="image/png" href="https://github.githubassets.com/favicons/favicon.png">
<link rel="icon" class="js-site-favicon" type="image/svg+xml" href="https://github.githubassets.com/favicons/favicon.svg">
<meta name="theme-color" content="#1e2327">
<meta name="color-scheme" content="light dark" />
<link rel="manifest" href="/manifest.json" crossOrigin="use-credentials">
</head>
<body class="logged-in env-production page-responsive page-blob" style="word-wrap: break-word;">
<div class="position-relative js-header-wrapper ">
<a href="#start-of-content" class="p-3 color-bg-accent-emphasis color-fg-on-emphasis show-on-focus js-skip-to-content">Skip to content</a>
<span data-view-component="true" class="progress-pjax-loader js-pjax-loader-bar Progress position-fixed width-full">
<span style="width: 0%;" data-view-component="true" class="Progress-item progress-pjax-loader-bar left-0 top-0 color-bg-accent-emphasis"></span>
</span>
<script crossorigin="anonymous" defer="defer" integrity="sha512-t94u343K5pGpsQYsQMnd5pOweD8R50PXnkh2C6CJrICXX/4mtCAdn0jwCoYm3QLBKAThJCuTiQdfnyCubitJqA==" type="application/javascript" src="https://github.githubassets.com/assets/command-palette-b7de2edf.js"></script>
<header class="Header js-details-container Details px-3 px-md-4 px-lg-5 flex-wrap flex-md-nowrap" role="banner" >
<div class="Header-item mt-n1 mb-n1 d-none d-md-flex">
<a
class="Header-link "
href="https://github.com/"
data-hotkey="g d"
aria-label="Homepage "
data-hydro-click="{"event_type":"analytics.event","payload":{"category":"Header","action":"go to dashboard","label":"icon:logo","originating_url":"https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/XSS%20Injection/Files/SVG_XSS.svg","user_id":77883099}}" data-hydro-click-hmac="7c13a5c88159c30c5b49b4ef46642266cf2d90b28fc720e47208112425b99409" data-analytics-event="{"category":"Header","action":"go to dashboard","label":"icon:logo"}"
>
<svg height="32" aria-hidden="true" viewBox="0 0 16 16" version="1.1" width="32" data-view-component="true" class="octicon octicon-mark-github v-align-middle">
<path fill-rule="evenodd" d="M8 0C3.58 0 0 3.58 0 8c0 3.54 2.29 6.53 5.47 7.59.4.07.55-.17.55-.38 0-.19-.01-.82-.01-1.49-2.01.37-2.53-.49-2.69-.94-.09-.23-.48-.94-.82-1.13-.28-.15-.68-.52-.01-.53.63-.01 1.08.58 1.23.82.72 1.21 1.87.87 2.33.66.07-.52.28-.87.51-1.07-1.78-.2-3.64-.89-3.64-3.95 0-.87.31-1.59.82-2.15-.08-.2-.36-1.02.08-2.12 0 0 .67-.21 2.2.82.64-.18 1.32-.27 2-.27.68 0 1.36.09 2 .27 1.53-1.04 2.2-.82 2.2-.82.44 1.1.16 1.92.08 2.12.51.56.82 1.27.82 2.15 0 3.07-1.87 3.75-3.65 3.95.29.25.54.73.54 1.48 0 1.07-.01 1.93-.01 2.2 0 .21.15.46.55.38A8.013 8.013 0 0016 8c0-4.42-3.58-8-8-8z"></path>
</svg>
</a>
</div>
<div class="Header-item d-md-none">
<button aria-label="Toggle navigation" aria-expanded="false" type="button" data-view-component="true" class="Header-link js-details-target btn-link"> <svg aria-hidden="true" height="24" viewBox="0 0 16 16" version="1.1" width="24" data-view-component="true" class="octicon octicon-three-bars">
<path fill-rule="evenodd" d="M1 2.75A.75.75 0 011.75 2h12.5a.75.75 0 110 1.5H1.75A.75.75 0 011 2.75zm0 5A.75.75 0 011.75 7h12.5a.75.75 0 110 1.5H1.75A.75.75 0 011 7.75zM1.75 12a.75.75 0 100 1.5h12.5a.75.75 0 100-1.5H1.75z"></path>
</svg>
</button> </div>
<div class="Header-item Header-item--full flex-column flex-md-row width-full flex-order-2 flex-md-order-none mr-0 mr-md-3 mt-3 mt-md-0 Details-content--hidden-not-important d-md-flex">
<div class="header-search flex-auto js-site-search position-relative flex-self-stretch flex-md-self-auto mb-3 mb-md-0 mr-0 mr-md-3 scoped-search site-scoped-search js-jump-to"
>
<div class="position-relative">
<!-- '"` --><!-- </textarea></xmp> --></option></form><form class="js-site-search-form" role="search" aria-label="Site" data-scope-type="Repository" data-scope-id="71220757" data-scoped-search-url="/swisskyrepo/PayloadsAllTheThings/search" data-owner-scoped-search-url="/users/swisskyrepo/search" data-unscoped-search-url="/search" action="/swisskyrepo/PayloadsAllTheThings/search" accept-charset="UTF-8" method="get">
<label class="form-control input-sm header-search-wrapper p-0 js-chromeless-input-container header-search-wrapper-jump-to position-relative d-flex flex-justify-between flex-items-center">
<input type="text"
class="form-control input-sm header-search-input jump-to-field js-jump-to-field js-site-search-focus js-site-search-field is-clearable"
data-hotkey=s,/
name="q"
data-test-selector="nav-search-input"
placeholder="Search or jump toâ¦"
data-unscoped-placeholder="Search or jump toâ¦"
data-scoped-placeholder="Search or jump toâ¦"
autocapitalize="off"
role="combobox"
aria-haspopup="listbox"
aria-expanded="false"
aria-autocomplete="list"
aria-controls="jump-to-results"
aria-label="Search or jump toâ¦"
data-jump-to-suggestions-path="/_graphql/GetSuggestedNavigationDestinations"
spellcheck="false"
autocomplete="off"
>
<input type="hidden" value="tkzaeEWXVNLEZKriy91ajER3gwWg_INt2n035B9Mn4rRmU1XSMoIDkcKsv0gzQHQXBAk128BDxm7G10nQbd14Q" data-csrf="true" class="js-data-jump-to-suggestions-path-csrf" />
<input type="hidden" class="js-site-search-type-field" name="type" >
<svg xmlns="http://www.w3.org/2000/svg" width="22" height="20" aria-hidden="true" class="mr-1 header-search-key-slash"><path fill="none" stroke="#979A9C" opacity=".4" d="M3.5.5h12c1.7 0 3 1.3 3 3v13c0 1.7-1.3 3-3 3h-12c-1.7 0-3-1.3-3-3v-13c0-1.7 1.3-3 3-3z"></path><path fill="#979A9C" d="M11.8 6L8 15.1h-.9L10.8 6h1z"></path></svg>
<div class="Box position-absolute overflow-hidden d-none jump-to-suggestions js-jump-to-suggestions-container">
<ul class="d-none js-jump-to-suggestions-template-container">
<li class="d-flex flex-justify-start flex-items-center p-0 f5 navigation-item js-navigation-item js-jump-to-suggestion" role="option">
<a tabindex="-1" class="no-underline d-flex flex-auto flex-items-center jump-to-suggestions-path js-jump-to-suggestion-path js-navigation-open p-2" href="" data-item-type="suggestion">
<div class="jump-to-octicon js-jump-to-octicon flex-shrink-0 mr-2 text-center d-none">
<svg title="Repository" aria-label="Repository" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-repo js-jump-to-octicon-repo d-none flex-shrink-0">
<path fill-rule="evenodd" d="M2 2.5A2.5 2.5 0 014.5 0h8.75a.75.75 0 01.75.75v12.5a.75.75 0 01-.75.75h-2.5a.75.75 0 110-1.5h1.75v-2h-8a1 1 0 00-.714 1.7.75.75 0 01-1.072 1.05A2.495 2.495 0 012 11.5v-9zm10.5-1V9h-8c-.356 0-.694.074-1 .208V2.5a1 1 0 011-1h8zM5 12.25v3.25a.25.25 0 00.4.2l1.45-1.087a.25.25 0 01.3 0L8.6 15.7a.25.25 0 00.4-.2v-3.25a.25.25 0 00-.25-.25h-3.5a.25.25 0 00-.25.25z"></path>
</svg>
<svg title="Project" aria-label="Project" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-project js-jump-to-octicon-project d-none flex-shrink-0">
<path fill-rule="evenodd" d="M1.75 0A1.75 1.75 0 000 1.75v12.5C0 15.216.784 16 1.75 16h12.5A1.75 1.75 0 0016 14.25V1.75A1.75 1.75 0 0014.25 0H1.75zM1.5 1.75a.25.25 0 01.25-.25h12.5a.25.25 0 01.25.25v12.5a.25.25 0 01-.25.25H1.75a.25.25 0 01-.25-.25V1.75zM11.75 3a.75.75 0 00-.75.75v7.5a.75.75 0 001.5 0v-7.5a.75.75 0 00-.75-.75zm-8.25.75a.75.75 0 011.5 0v5.5a.75.75 0 01-1.5 0v-5.5zM8 3a.75.75 0 00-.75.75v3.5a.75.75 0 001.5 0v-3.5A.75.75 0 008 3z"></path>
</svg>
<svg title="Search" aria-label="Search" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-search js-jump-to-octicon-search d-none flex-shrink-0">
<path fill-rule="evenodd" d="M11.5 7a4.499 4.499 0 11-8.998 0A4.499 4.499 0 0111.5 7zm-.82 4.74a6 6 0 111.06-1.06l3.04 3.04a.75.75 0 11-1.06 1.06l-3.04-3.04z"></path>
</svg>
</div>
<img class="avatar mr-2 flex-shrink-0 js-jump-to-suggestion-avatar d-none" alt="" aria-label="Team" src="" width="28" height="28">
<div class="jump-to-suggestion-name js-jump-to-suggestion-name flex-auto overflow-hidden text-left no-wrap css-truncate css-truncate-target">
</div>
<div class="border rounded-1 flex-shrink-0 color-bg-subtle px-1 color-fg-muted ml-1 f6 d-none js-jump-to-badge-search">
<span class="js-jump-to-badge-search-text-default d-none" aria-label="in this repository">
In this repository
</span>
<span class="js-jump-to-badge-search-text-global d-none" aria-label="in all of GitHub">
All GitHub
</span>
<span aria-hidden="true" class="d-inline-block ml-1 v-align-middle">âµ</span>
</div>
<div aria-hidden="true" class="border rounded-1 flex-shrink-0 color-bg-subtle px-1 color-fg-muted ml-1 f6 d-none d-on-nav-focus js-jump-to-badge-jump">
Jump to
<span class="d-inline-block ml-1 v-align-middle">âµ</span>
</div>
</a>
</li>
</ul>
<ul class="d-none js-jump-to-no-results-template-container">
<li class="d-flex flex-justify-center flex-items-center f5 d-none js-jump-to-suggestion p-2">
<span class="color-fg-muted">No suggested jump to results</span>
</li>
</ul>
<ul id="jump-to-results" role="listbox" class="p-0 m-0 js-navigation-container jump-to-suggestions-results-container js-jump-to-suggestions-results-container">
<li class="d-flex flex-justify-start flex-items-center p-0 f5 navigation-item js-navigation-item js-jump-to-scoped-search d-none" role="option">
<a tabindex="-1" class="no-underline d-flex flex-auto flex-items-center jump-to-suggestions-path js-jump-to-suggestion-path js-navigation-open p-2" href="" data-item-type="scoped_search">
<div class="jump-to-octicon js-jump-to-octicon flex-shrink-0 mr-2 text-center d-none">
<svg title="Repository" aria-label="Repository" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-repo js-jump-to-octicon-repo d-none flex-shrink-0">
<path fill-rule="evenodd" d="M2 2.5A2.5 2.5 0 014.5 0h8.75a.75.75 0 01.75.75v12.5a.75.75 0 01-.75.75h-2.5a.75.75 0 110-1.5h1.75v-2h-8a1 1 0 00-.714 1.7.75.75 0 01-1.072 1.05A2.495 2.495 0 012 11.5v-9zm10.5-1V9h-8c-.356 0-.694.074-1 .208V2.5a1 1 0 011-1h8zM5 12.25v3.25a.25.25 0 00.4.2l1.45-1.087a.25.25 0 01.3 0L8.6 15.7a.25.25 0 00.4-.2v-3.25a.25.25 0 00-.25-.25h-3.5a.25.25 0 00-.25.25z"></path>
</svg>
<svg title="Project" aria-label="Project" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-project js-jump-to-octicon-project d-none flex-shrink-0">
<path fill-rule="evenodd" d="M1.75 0A1.75 1.75 0 000 1.75v12.5C0 15.216.784 16 1.75 16h12.5A1.75 1.75 0 0016 14.25V1.75A1.75 1.75 0 0014.25 0H1.75zM1.5 1.75a.25.25 0 01.25-.25h12.5a.25.25 0 01.25.25v12.5a.25.25 0 01-.25.25H1.75a.25.25 0 01-.25-.25V1.75zM11.75 3a.75.75 0 00-.75.75v7.5a.75.75 0 001.5 0v-7.5a.75.75 0 00-.75-.75zm-8.25.75a.75.75 0 011.5 0v5.5a.75.75 0 01-1.5 0v-5.5zM8 3a.75.75 0 00-.75.75v3.5a.75.75 0 001.5 0v-3.5A.75.75 0 008 3z"></path>
</svg>
<svg title="Search" aria-label="Search" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-search js-jump-to-octicon-search d-none flex-shrink-0">
<path fill-rule="evenodd" d="M11.5 7a4.499 4.499 0 11-8.998 0A4.499 4.499 0 0111.5 7zm-.82 4.74a6 6 0 111.06-1.06l3.04 3.04a.75.75 0 11-1.06 1.06l-3.04-3.04z"></path>
</svg>
</div>
<img class="avatar mr-2 flex-shrink-0 js-jump-to-suggestion-avatar d-none" alt="" aria-label="Team" src="" width="28" height="28">
<div class="jump-to-suggestion-name js-jump-to-suggestion-name flex-auto overflow-hidden text-left no-wrap css-truncate css-truncate-target">
</div>
<div class="border rounded-1 flex-shrink-0 color-bg-subtle px-1 color-fg-muted ml-1 f6 d-none js-jump-to-badge-search">
<span class="js-jump-to-badge-search-text-default d-none" aria-label="in this repository">
In this repository
</span>
<span class="js-jump-to-badge-search-text-global d-none" aria-label="in all of GitHub">
All GitHub
</span>
<span aria-hidden="true" class="d-inline-block ml-1 v-align-middle">âµ</span>
</div>
<div aria-hidden="true" class="border rounded-1 flex-shrink-0 color-bg-subtle px-1 color-fg-muted ml-1 f6 d-none d-on-nav-focus js-jump-to-badge-jump">
Jump to
<span class="d-inline-block ml-1 v-align-middle">âµ</span>
</div>
</a>
</li>
<li class="d-flex flex-justify-start flex-items-center p-0 f5 navigation-item js-navigation-item js-jump-to-owner-scoped-search d-none" role="option">
<a tabindex="-1" class="no-underline d-flex flex-auto flex-items-center jump-to-suggestions-path js-jump-to-suggestion-path js-navigation-open p-2" href="" data-item-type="owner_scoped_search">
<div class="jump-to-octicon js-jump-to-octicon flex-shrink-0 mr-2 text-center d-none">
<svg title="Repository" aria-label="Repository" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-repo js-jump-to-octicon-repo d-none flex-shrink-0">
<path fill-rule="evenodd" d="M2 2.5A2.5 2.5 0 014.5 0h8.75a.75.75 0 01.75.75v12.5a.75.75 0 01-.75.75h-2.5a.75.75 0 110-1.5h1.75v-2h-8a1 1 0 00-.714 1.7.75.75 0 01-1.072 1.05A2.495 2.495 0 012 11.5v-9zm10.5-1V9h-8c-.356 0-.694.074-1 .208V2.5a1 1 0 011-1h8zM5 12.25v3.25a.25.25 0 00.4.2l1.45-1.087a.25.25 0 01.3 0L8.6 15.7a.25.25 0 00.4-.2v-3.25a.25.25 0 00-.25-.25h-3.5a.25.25 0 00-.25.25z"></path>
</svg>
<svg title="Project" aria-label="Project" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-project js-jump-to-octicon-project d-none flex-shrink-0">
<path fill-rule="evenodd" d="M1.75 0A1.75 1.75 0 000 1.75v12.5C0 15.216.784 16 1.75 16h12.5A1.75 1.75 0 0016 14.25V1.75A1.75 1.75 0 0014.25 0H1.75zM1.5 1.75a.25.25 0 01.25-.25h12.5a.25.25 0 01.25.25v12.5a.25.25 0 01-.25.25H1.75a.25.25 0 01-.25-.25V1.75zM11.75 3a.75.75 0 00-.75.75v7.5a.75.75 0 001.5 0v-7.5a.75.75 0 00-.75-.75zm-8.25.75a.75.75 0 011.5 0v5.5a.75.75 0 01-1.5 0v-5.5zM8 3a.75.75 0 00-.75.75v3.5a.75.75 0 001.5 0v-3.5A.75.75 0 008 3z"></path>
</svg>
<svg title="Search" aria-label="Search" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-search js-jump-to-octicon-search d-none flex-shrink-0">
<path fill-rule="evenodd" d="M11.5 7a4.499 4.499 0 11-8.998 0A4.499 4.499 0 0111.5 7zm-.82 4.74a6 6 0 111.06-1.06l3.04 3.04a.75.75 0 11-1.06 1.06l-3.04-3.04z"></path>
</svg>
</div>
<img class="avatar mr-2 flex-shrink-0 js-jump-to-suggestion-avatar d-none" alt="" aria-label="Team" src="" width="28" height="28">
<div class="jump-to-suggestion-name js-jump-to-suggestion-name flex-auto overflow-hidden text-left no-wrap css-truncate css-truncate-target">
</div>
<div class="border rounded-1 flex-shrink-0 color-bg-subtle px-1 color-fg-muted ml-1 f6 d-none js-jump-to-badge-search">
<span class="js-jump-to-badge-search-text-default d-none" aria-label="in this user">
In this user
</span>
<span class="js-jump-to-badge-search-text-global d-none" aria-label="in all of GitHub">
All GitHub
</span>
<span aria-hidden="true" class="d-inline-block ml-1 v-align-middle">âµ</span>
</div>
<div aria-hidden="true" class="border rounded-1 flex-shrink-0 color-bg-subtle px-1 color-fg-muted ml-1 f6 d-none d-on-nav-focus js-jump-to-badge-jump">
Jump to
<span class="d-inline-block ml-1 v-align-middle">âµ</span>
</div>
</a>
</li>
<li class="d-flex flex-justify-start flex-items-center p-0 f5 navigation-item js-navigation-item js-jump-to-global-search d-none" role="option">
<a tabindex="-1" class="no-underline d-flex flex-auto flex-items-center jump-to-suggestions-path js-jump-to-suggestion-path js-navigation-open p-2" href="" data-item-type="global_search">
<div class="jump-to-octicon js-jump-to-octicon flex-shrink-0 mr-2 text-center d-none">
<svg title="Repository" aria-label="Repository" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-repo js-jump-to-octicon-repo d-none flex-shrink-0">
<path fill-rule="evenodd" d="M2 2.5A2.5 2.5 0 014.5 0h8.75a.75.75 0 01.75.75v12.5a.75.75 0 01-.75.75h-2.5a.75.75 0 110-1.5h1.75v-2h-8a1 1 0 00-.714 1.7.75.75 0 01-1.072 1.05A2.495 2.495 0 012 11.5v-9zm10.5-1V9h-8c-.356 0-.694.074-1 .208V2.5a1 1 0 011-1h8zM5 12.25v3.25a.25.25 0 00.4.2l1.45-1.087a.25.25 0 01.3 0L8.6 15.7a.25.25 0 00.4-.2v-3.25a.25.25 0 00-.25-.25h-3.5a.25.25 0 00-.25.25z"></path>
</svg>
<svg title="Project" aria-label="Project" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-project js-jump-to-octicon-project d-none flex-shrink-0">
<path fill-rule="evenodd" d="M1.75 0A1.75 1.75 0 000 1.75v12.5C0 15.216.784 16 1.75 16h12.5A1.75 1.75 0 0016 14.25V1.75A1.75 1.75 0 0014.25 0H1.75zM1.5 1.75a.25.25 0 01.25-.25h12.5a.25.25 0 01.25.25v12.5a.25.25 0 01-.25.25H1.75a.25.25 0 01-.25-.25V1.75zM11.75 3a.75.75 0 00-.75.75v7.5a.75.75 0 001.5 0v-7.5a.75.75 0 00-.75-.75zm-8.25.75a.75.75 0 011.5 0v5.5a.75.75 0 01-1.5 0v-5.5zM8 3a.75.75 0 00-.75.75v3.5a.75.75 0 001.5 0v-3.5A.75.75 0 008 3z"></path>
</svg>
<svg title="Search" aria-label="Search" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-search js-jump-to-octicon-search d-none flex-shrink-0">
<path fill-rule="evenodd" d="M11.5 7a4.499 4.499 0 11-8.998 0A4.499 4.499 0 0111.5 7zm-.82 4.74a6 6 0 111.06-1.06l3.04 3.04a.75.75 0 11-1.06 1.06l-3.04-3.04z"></path>
</svg>
</div>
<img class="avatar mr-2 flex-shrink-0 js-jump-to-suggestion-avatar d-none" alt="" aria-label="Team" src="" width="28" height="28">
<div class="jump-to-suggestion-name js-jump-to-suggestion-name flex-auto overflow-hidden text-left no-wrap css-truncate css-truncate-target">
</div>
<div class="border rounded-1 flex-shrink-0 color-bg-subtle px-1 color-fg-muted ml-1 f6 d-none js-jump-to-badge-search">
<span class="js-jump-to-badge-search-text-default d-none" aria-label="in this repository">
In this repository
</span>
<span class="js-jump-to-badge-search-text-global d-none" aria-label="in all of GitHub">
All GitHub
</span>
<span aria-hidden="true" class="d-inline-block ml-1 v-align-middle">âµ</span>
</div>
<div aria-hidden="true" class="border rounded-1 flex-shrink-0 color-bg-subtle px-1 color-fg-muted ml-1 f6 d-none d-on-nav-focus js-jump-to-badge-jump">
Jump to
<span class="d-inline-block ml-1 v-align-middle">âµ</span>
</div>
</a>
</li>
<li class="d-flex flex-justify-center flex-items-center p-0 f5 js-jump-to-suggestion">
<svg style="box-sizing: content-box; color: var(--color-icon-primary);" width="32" height="32" viewBox="0 0 16 16" fill="none" data-view-component="true" class="m-3 anim-rotate">
<circle cx="8" cy="8" r="7" stroke="currentColor" stroke-opacity="0.25" stroke-width="2" vector-effect="non-scaling-stroke" />
<path d="M15 8a7.002 7.002 0 00-7-7" stroke="currentColor" stroke-width="2" stroke-linecap="round" vector-effect="non-scaling-stroke" />
</svg>
</li>
</ul>
</div>
</label>
</form> </div>
</div>
<nav class="d-flex flex-column flex-md-row flex-self-stretch flex-md-self-auto" aria-label="Global">
<a class="Header-link py-md-3 d-block d-md-none py-2 border-top border-md-top-0 border-white-fade" data-ga-click="Header, click, Nav menu - item:dashboard:user" aria-label="Dashboard" href="/dashboard">
Dashboard
</a>
<a class="js-selected-navigation-item Header-link mt-md-n3 mb-md-n3 py-2 py-md-3 mr-0 mr-md-3 border-top border-md-top-0 border-white-fade" data-hotkey="g p" data-ga-click="Header, click, Nav menu - item:pulls context:user" aria-label="Pull requests you created" data-selected-links="/pulls /pulls/assigned /pulls/mentioned /pulls" href="/pulls">
Pull<span class="d-inline d-md-none d-lg-inline"> request</span>s
</a>
<a class="js-selected-navigation-item Header-link mt-md-n3 mb-md-n3 py-2 py-md-3 mr-0 mr-md-3 border-top border-md-top-0 border-white-fade" data-hotkey="g i" data-ga-click="Header, click, Nav menu - item:issues context:user" aria-label="Issues you created" data-selected-links="/issues /issues/assigned /issues/mentioned /issues" href="/issues">
Issues
</a>
<div class="d-flex position-relative">
<a class="js-selected-navigation-item Header-link flex-auto mt-md-n3 mb-md-n3 py-2 py-md-3 mr-0 mr-md-3 border-top border-md-top-0 border-white-fade" data-ga-click="Header, click, Nav menu - item:marketplace context:user" data-octo-click="marketplace_click" data-octo-dimensions="location:nav_bar" data-selected-links=" /marketplace" href="/marketplace">
Marketplace
</a> </div>
<a class="js-selected-navigation-item Header-link mt-md-n3 mb-md-n3 py-2 py-md-3 mr-0 mr-md-3 border-top border-md-top-0 border-white-fade" data-ga-click="Header, click, Nav menu - item:explore" data-selected-links="/explore /trending /trending/developers /integrations /integrations/feature/code /integrations/feature/collaborate /integrations/feature/ship showcases showcases_search showcases_landing /explore" href="/explore">
Explore
</a>
<a class="js-selected-navigation-item Header-link d-block d-md-none py-2 py-md-3 border-top border-md-top-0 border-white-fade" data-ga-click="Header, click, Nav menu - item:workspaces context:user" data-selected-links="/codespaces /codespaces" href="/codespaces">
Codespaces
</a>
<a class="js-selected-navigation-item Header-link d-block d-md-none py-2 py-md-3 border-top border-md-top-0 border-white-fade" data-ga-click="Header, click, Nav menu - item:Sponsors" data-hydro-click="{"event_type":"sponsors.button_click","payload":{"button":"HEADER_SPONSORS_DASHBOARD","sponsorable_login":"shubh123-tri","originating_url":"https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/XSS%20Injection/Files/SVG_XSS.svg","user_id":77883099}}" data-hydro-click-hmac="785c80f29ae6480c5f48b3b1e08ff442b6d95251141f966ec049813f119a41c1" data-selected-links=" /sponsors/accounts" href="/sponsors/accounts">Sponsors</a>
<a class="Header-link d-block d-md-none mr-0 mr-md-3 py-2 py-md-3 border-top border-md-top-0 border-white-fade" href="/settings/profile">
Settings
</a>
<a class="Header-link d-block d-md-none mr-0 mr-md-3 py-2 py-md-3 border-top border-md-top-0 border-white-fade" href="/shubh123-tri">
<img class="avatar avatar-user" loading="lazy" decoding="async" src="https://avatars.githubusercontent.com/u/77883099?s=40&v=4" width="20" height="20" alt="@shubh123-tri" />
shubh123-tri
</a>
<!-- '"` --><!-- </textarea></xmp> --></option></form><form action="/logout" accept-charset="UTF-8" method="post"><input type="hidden" name="authenticity_token" value="8XpJznL8YIqoolCZSOsmO8fN_LyHEwKF25v-T8tgvXen3yRYN25g5tPlvVhcb_0V4dcjB2ppH3gRyKS-u7jvHg" />
<button
type="submit"
class="Header-link mr-0 mr-md-3 py-2 py-md-3 border-top border-md-top-0 border-white-fade d-md-none btn-link d-block width-full text-left"
style="padding-left: 2px;"
data-hydro-click="{"event_type":"analytics.event","payload":{"category":"Header","action":"sign out","label":"icon:logout","originating_url":"https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/XSS%20Injection/Files/SVG_XSS.svg","user_id":77883099}}" data-hydro-click-hmac="04646c82f4f17e4d50898ca63ca237e655e6a89df90e82d79460896ee3fdc68c" data-analytics-event="{"category":"Header","action":"sign out","label":"icon:logout"}"
>
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-sign-out v-align-middle">
<path fill-rule="evenodd" d="M2 2.75C2 1.784 2.784 1 3.75 1h2.5a.75.75 0 010 1.5h-2.5a.25.25 0 00-.25.25v10.5c0 .138.112.25.25.25h2.5a.75.75 0 010 1.5h-2.5A1.75 1.75 0 012 13.25V2.75zm10.44 4.5H6.75a.75.75 0 000 1.5h5.69l-1.97 1.97a.75.75 0 101.06 1.06l3.25-3.25a.75.75 0 000-1.06l-3.25-3.25a.75.75 0 10-1.06 1.06l1.97 1.97z"></path>
</svg>
Sign out
</button>
</form></nav>
</div>
<div class="Header-item Header-item--full flex-justify-center d-md-none position-relative">
<a
class="Header-link "
href="https://github.com/"
data-hotkey="g d"
aria-label="Homepage "
data-hydro-click="{"event_type":"analytics.event","payload":{"category":"Header","action":"go to dashboard","label":"icon:logo","originating_url":"https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/XSS%20Injection/Files/SVG_XSS.svg","user_id":77883099}}" data-hydro-click-hmac="7c13a5c88159c30c5b49b4ef46642266cf2d90b28fc720e47208112425b99409" data-analytics-event="{"category":"Header","action":"go to dashboard","label":"icon:logo"}"
>
<svg height="32" aria-hidden="true" viewBox="0 0 16 16" version="1.1" width="32" data-view-component="true" class="octicon octicon-mark-github v-align-middle">
<path fill-rule="evenodd" d="M8 0C3.58 0 0 3.58 0 8c0 3.54 2.29 6.53 5.47 7.59.4.07.55-.17.55-.38 0-.19-.01-.82-.01-1.49-2.01.37-2.53-.49-2.69-.94-.09-.23-.48-.94-.82-1.13-.28-.15-.68-.52-.01-.53.63-.01 1.08.58 1.23.82.72 1.21 1.87.87 2.33.66.07-.52.28-.87.51-1.07-1.78-.2-3.64-.89-3.64-3.95 0-.87.31-1.59.82-2.15-.08-.2-.36-1.02.08-2.12 0 0 .67-.21 2.2.82.64-.18 1.32-.27 2-.27.68 0 1.36.09 2 .27 1.53-1.04 2.2-.82 2.2-.82.44 1.1.16 1.92.08 2.12.51.56.82 1.27.82 2.15 0 3.07-1.87 3.75-3.65 3.95.29.25.54.73.54 1.48 0 1.07-.01 1.93-.01 2.2 0 .21.15.46.55.38A8.013 8.013 0 0016 8c0-4.42-3.58-8-8-8z"></path>
</svg>
</a>
</div>
<div class="Header-item mr-0 mr-md-3 flex-order-1 flex-md-order-none">
<notification-indicator
class="js-socket-channel"
data-test-selector="notifications-indicator"
data-channel="eyJjIjoibm90aWZpY2F0aW9uLWNoYW5nZWQ6Nzc4ODMwOTkiLCJ0IjoxNjQyNTg5NDIxfQ==--a88e75c37adb95b8aa1ffc348ea2642ade0762eb5cf3b3157f3a7ba56b7944ae">
<a href="/notifications"
class="Header-link notification-indicator position-relative tooltipped tooltipped-sw"
aria-label="You have no unread notifications"
data-hotkey="g n"
data-ga-click="Header, go to notifications, icon:read"
data-target="notification-indicator.link">
<span class="mail-status " data-target="notification-indicator.modifier"></span>
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-bell">
<path d="M8 16a2 2 0 001.985-1.75c.017-.137-.097-.25-.235-.25h-3.5c-.138 0-.252.113-.235.25A2 2 0 008 16z"></path><path fill-rule="evenodd" d="M8 1.5A3.5 3.5 0 004.5 5v2.947c0 .346-.102.683-.294.97l-1.703 2.556a.018.018 0 00-.003.01l.001.006c0 .002.002.004.004.006a.017.017 0 00.006.004l.007.001h10.964l.007-.001a.016.016 0 00.006-.004.016.016 0 00.004-.006l.001-.007a.017.017 0 00-.003-.01l-1.703-2.554a1.75 1.75 0 01-.294-.97V5A3.5 3.5 0 008 1.5zM3 5a5 5 0 0110 0v2.947c0 .05.015.098.042.139l1.703 2.555A1.518 1.518 0 0113.482 13H2.518a1.518 1.518 0 01-1.263-2.36l1.703-2.554A.25.25 0 003 7.947V5z"></path>
</svg>
</a>
</notification-indicator>
</div>
<div class="Header-item position-relative d-none d-md-flex">
<details class="details-overlay details-reset">
<summary
class="Header-link"
aria-label="Create newâ¦"
data-hydro-click="{"event_type":"analytics.event","payload":{"category":"Header","action":"create new","label":"icon:add","originating_url":"https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/XSS%20Injection/Files/SVG_XSS.svg","user_id":77883099}}" data-hydro-click-hmac="9744793e7acfe3818ec06c862d7e8425e84996ed40083d575cdcc2f07b1474c4" data-analytics-event="{"category":"Header","action":"create new","label":"icon:add"}"
>
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-plus">
<path fill-rule="evenodd" d="M7.75 2a.75.75 0 01.75.75V7h4.25a.75.75 0 110 1.5H8.5v4.25a.75.75 0 11-1.5 0V8.5H2.75a.75.75 0 010-1.5H7V2.75A.75.75 0 017.75 2z"></path>
</svg> <span class="dropdown-caret"></span>
</summary>
<details-menu class="dropdown-menu dropdown-menu-sw">
<a role="menuitem" class="dropdown-item" href="/new" data-ga-click="Header, create new repository">
New repository
</a>
<a role="menuitem" class="dropdown-item" href="/new/import" data-ga-click="Header, import a repository">
Import repository
</a>
<a role="menuitem" class="dropdown-item" href="https://gist.github.com/" data-ga-click="Header, create new gist">
New gist
</a>
<a role="menuitem" class="dropdown-item" href="/organizations/new" data-ga-click="Header, create new organization">
New organization
</a>
</details-menu>
</details>
</div>
<div class="Header-item position-relative mr-0 d-none d-md-flex">
<details class="details-overlay details-reset js-feature-preview-indicator-container" data-feature-preview-indicator-src="/users/shubh123-tri/feature_preview/indicator_check">
<summary
class="Header-link"
aria-label="View profile and more"
data-hydro-click="{"event_type":"analytics.event","payload":{"category":"Header","action":"show menu","label":"icon:avatar","originating_url":"https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/XSS%20Injection/Files/SVG_XSS.svg","user_id":77883099}}" data-hydro-click-hmac="45c784fffdaa9db9173950ca539f537c284762f4ede91a502e079f5dc210c514" data-analytics-event="{"category":"Header","action":"show menu","label":"icon:avatar"}"
>
<img src="https://avatars.githubusercontent.com/u/77883099?s=40&v=4" alt="@shubh123-tri" size="20" height="20" width="20" data-view-component="true" class="avatar avatar-small circle" />
<span class="feature-preview-indicator js-feature-preview-indicator" style="top: 1px;" hidden></span>
<span class="dropdown-caret"></span>
</summary>
<details-menu class="dropdown-menu dropdown-menu-sw" style="width: 180px"
src="/users/77883099/menu" preload>
<include-fragment>
<p class="text-center mt-3" data-hide-on-error>
<svg style="box-sizing: content-box; color: var(--color-icon-primary);" width="32" height="32" viewBox="0 0 16 16" fill="none" data-view-component="true" class="anim-rotate">
<circle cx="8" cy="8" r="7" stroke="currentColor" stroke-opacity="0.25" stroke-width="2" vector-effect="non-scaling-stroke" />
<path d="M15 8a7.002 7.002 0 00-7-7" stroke="currentColor" stroke-width="2" stroke-linecap="round" vector-effect="non-scaling-stroke" />
</svg>
</p>
<p class="ml-1 mb-2 mt-2 color-fg-default" data-show-on-error>
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-alert">
<path fill-rule="evenodd" d="M8.22 1.754a.25.25 0 00-.44 0L1.698 13.132a.25.25 0 00.22.368h12.164a.25.25 0 00.22-.368L8.22 1.754zm-1.763-.707c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0114.082 15H1.918a1.75 1.75 0 01-1.543-2.575L6.457 1.047zM9 11a1 1 0 11-2 0 1 1 0 012 0zm-.25-5.25a.75.75 0 00-1.5 0v2.5a.75.75 0 001.5 0v-2.5z"></path>
</svg>
Sorry, something went wrong.
</p>
</include-fragment>
</details-menu>
</details>
</div>
</header>
</div>
<div id="start-of-content" class="show-on-focus"></div>
<div data-pjax-replace id="js-flash-container">
<template class="js-flash-template">
<div class="flash flash-full {{ className }}">
<div class=" px-2" >
<button class="flash-close js-flash-close" type="button" aria-label="Dismiss this message">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-x">
<path fill-rule="evenodd" d="M3.72 3.72a.75.75 0 011.06 0L8 6.94l3.22-3.22a.75.75 0 111.06 1.06L9.06 8l3.22 3.22a.75.75 0 11-1.06 1.06L8 9.06l-3.22 3.22a.75.75 0 01-1.06-1.06L6.94 8 3.72 4.78a.75.75 0 010-1.06z"></path>
</svg>
</button>
<div>{{ message }}</div>
</div>
</div>
</template>
</div>
<include-fragment class="js-notification-shelf-include-fragment" data-base-src="https://github.com/notifications/beta/shelf"></include-fragment>
<details class="details-reset details-overlay details-overlay-dark js-command-palette-dialog">
<summary class="command-palette-details-summary" aria-label="command palette trigger">
</summary>
<details-dialog class="command-palette-details-dialog d-flex flex-column flex-justify-center height-fit" aria-label="command palette">
<command-palette
class="command-palette color-bg-default rounded-3"
data-return-to=/swisskyrepo/PayloadsAllTheThings/blob/master/XSS%20Injection/Files/SVG_XSS.svg
data-user-id="77883099"
>
<input type="hidden" name="color-mode-path" id="color-mode-path" value="/settings/appearance/color_mode" class="js-color-mode-path" autocomplete="off" />
<input type="hidden" value="vawdxzlsWY8tzeEGQNshKCwx-6cO3yIdWZIJp_WeuIpvnGuta3kCrcR4gLPE6D8J9YLYdl907iG8lJ3nkKXE4A" data-csrf="true" class="js-color-mode-csrf" />
<command-palette-mode
data-char="#"
data-scope-types="[""]"
data-placeholder="Search issues and pull requests"
></command-palette-mode>
<command-palette-mode
data-char="#"
data-scope-types="["owner","repository"]"
data-placeholder="Search issues, pull requests, discussions, and projects"
></command-palette-mode>
<command-palette-mode
data-char="!"
data-scope-types="["owner","repository"]"
data-placeholder="Search projects"
></command-palette-mode>
<command-palette-mode
data-char="@"
data-scope-types="[""]"
data-placeholder="Search or jump to a user, organization, or repository"
></command-palette-mode>
<command-palette-mode
data-char="@"
data-scope-types="["owner"]"
data-placeholder="Search or jump to a repository"
></command-palette-mode>
<command-palette-mode
data-char="/"
data-scope-types="["repository"]"
data-placeholder="Search files"
></command-palette-mode>
<command-palette-mode
data-char="?"
></command-palette-mode>
<command-palette-mode
data-char=">"
data-placeholder="Run a command"
></command-palette-mode>
<command-palette-mode
data-char=""
data-scope-types="["owner"]"
data-placeholder="Search or jump to..."
></command-palette-mode>
<command-palette-mode
class="js-command-palette-default-mode"
data-char=""
data-placeholder="Search or jump to..."
></command-palette-mode>
<command-palette-input placeholder="Search or jump to..."
>
<div class="js-search-icon d-flex flex-items-center mr-2" style="height: 26px">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-search color-fg-muted">
<path fill-rule="evenodd" d="M11.5 7a4.499 4.499 0 11-8.998 0A4.499 4.499 0 0111.5 7zm-.82 4.74a6 6 0 111.06-1.06l3.04 3.04a.75.75 0 11-1.06 1.06l-3.04-3.04z"></path>
</svg>
</div>
<div class="js-spinner d-flex flex-items-center mr-2 color-fg-muted" hidden>
<svg aria-label="Loading" class="anim-rotate" viewBox="0 0 16 16" fill="none" width="16" height="16">
<circle
cx="8"
cy="8"
r="7"
stroke="currentColor"
stroke-opacity="0.25"
stroke-width="2"
vector-effect="non-scaling-stroke"
></circle>
<path
d="M15 8a7.002 7.002 0 00-7-7"
stroke="currentColor"
stroke-width="2"
stroke-linecap="round"
vector-effect="non-scaling-stroke"
></path>
</svg>
</div>
<command-palette-scope >
<div data-target="command-palette-scope.placeholder" hidden class="color-fg-subtle">/ <span class="text-semibold color-fg-default">...</span> / </div>
<command-palette-token
data-text="swisskyrepo"
data-id="MDQ6VXNlcjEyMTUyNTgz"
data-type="owner"
data-value="swisskyrepo"
data-targets="command-palette-scope.tokens"
class="color-fg-default text-semibold"
style="white-space: nowrap;"
>swisskyrepo<span class="color-fg-subtle text-normal"> / </span></command-palette-token>
<command-palette-token
data-text="PayloadsAllTheThings"
data-id="MDEwOlJlcG9zaXRvcnk3MTIyMDc1Nw=="
data-type="repository"
data-value="PayloadsAllTheThings"
data-targets="command-palette-scope.tokens"
class="color-fg-default text-semibold"
style="white-space: nowrap;"
>PayloadsAllTheThings<span class="color-fg-subtle text-normal"> / </span></command-palette-token>
</command-palette-scope>
</command-palette-input>
<command-palette-item-stack id="command-palette-item-stack" class="item-stack-transition-height" role="listbox" aria-label="Command palette results">
<command-palette-tip class="color-fg-muted f6 px-3 py-1 my-2" data-type="" data-mode="" data-value="">
Type <code class="p-1 color-bg-subtle rounded-1">#</code> for issues and pull requests, <code class="p-1 color-bg-subtle rounded-1">></code> for commands, and <code class="p-1 color-bg-subtle rounded-1">?</code> for help
</command-palette-tip>
<command-palette-tip class="color-fg-muted f6 px-3 py-1 my-2" data-type="owner" data-mode="" data-value="">
Type <code class="p-1 color-bg-subtle rounded-1">#</code> for issues, pull requests, and projects, <code class="p-1 color-bg-subtle rounded-1">></code> for commands, and <code class="p-1 color-bg-subtle rounded-1">?</code> for help
</command-palette-tip>
<command-palette-tip class="color-fg-muted f6 px-3 py-1 my-2" data-type="repository" data-mode="" data-value="">
Type <code class="p-1 color-bg-subtle rounded-1">#</code> for issues, pull requests, and projects, <code class="p-1 color-bg-subtle rounded-1">/</code> for files, and <code class="p-1 color-bg-subtle rounded-1">></code> for commands
</command-palette-tip>
<command-palette-tip class="mx-3 my-2 flash flash-error d-flex flex-items-center" data-on-error>
<div>
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-alert">
<path fill-rule="evenodd" d="M8.22 1.754a.25.25 0 00-.44 0L1.698 13.132a.25.25 0 00.22.368h12.164a.25.25 0 00.22-.368L8.22 1.754zm-1.763-.707c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0114.082 15H1.918a1.75 1.75 0 01-1.543-2.575L6.457 1.047zM9 11a1 1 0 11-2 0 1 1 0 012 0zm-.25-5.25a.75.75 0 00-1.5 0v2.5a.75.75 0 001.5 0v-2.5z"></path>
</svg>
</div>
<div class="px-2">
Weâve encountered an error and some results aren't available at this time. Type a new search or try again later.
</div>
</command-palette-tip>
<command-palette-tip class="h4 color-fg-default pl-3 pb-2 pt-3" data-on-empty data-match-mode="[^?]|^$">
No results matched your search
</command-palette-tip>
<command-palette-item-group
data-group-id="top"
data-group-title="Top result"
data-group-hint=""
data-group-limits="{}"
data-targets="command-palette-item-stack.groups"
>
</command-palette-item-group>
<command-palette-item-group
data-group-id="commands"
data-group-title="Commands"
data-group-hint="Type > to filter"
data-group-limits="{}"
data-targets="command-palette-item-stack.groups"
>
</command-palette-item-group>
<command-palette-item-group
data-group-id="files"
data-group-title="Files"
data-group-hint=""
data-group-limits="{}"
data-targets="command-palette-item-stack.groups"
>
</command-palette-item-group>
<command-palette-item-group
data-group-id="pages"
data-group-title="Pages"
data-group-hint=""
data-group-limits="{"repository":10}"
data-targets="command-palette-item-stack.groups"
>
</command-palette-item-group>
<command-palette-item-group
data-group-id="access_policies"
data-group-title="Access Policies"
data-group-hint=""
data-group-limits="{}"
data-targets="command-palette-item-stack.groups"
>
</command-palette-item-group>
<command-palette-item-group
data-group-id="organizations"
data-group-title="Organizations"
data-group-hint=""
data-group-limits="{}"
data-targets="command-palette-item-stack.groups"
>
</command-palette-item-group>
<command-palette-item-group
data-group-id="repositories"
data-group-title="Repositories"
data-group-hint=""
data-group-limits="{}"
data-targets="command-palette-item-stack.groups"
>
</command-palette-item-group>
<command-palette-item-group
data-group-id="references"
data-group-title="Issues, pull requests, and discussions"
data-group-hint="Type # to filter"
data-group-limits="{}"
data-targets="command-palette-item-stack.groups"
>
</command-palette-item-group>
<command-palette-item-group
data-group-id="teams"
data-group-title="Teams"
data-group-hint=""
data-group-limits="{}"
data-targets="command-palette-item-stack.groups"
>
</command-palette-item-group>
<command-palette-item-group
data-group-id="users"
data-group-title="Users"
data-group-hint=""
data-group-limits="{}"
data-targets="command-palette-item-stack.groups"
>
</command-palette-item-group>
<command-palette-item-group
data-group-id="projects"
data-group-title="Projects"
data-group-hint=""
data-group-limits="{}"
data-targets="command-palette-item-stack.groups"
>
</command-palette-item-group>
<command-palette-item-group
data-group-id="footer"
data-group-title="Footer"
data-group-hint=""
data-group-limits="{}"
data-targets="command-palette-item-stack.groups"
>
</command-palette-item-group>
<command-palette-item-group
data-group-id="modes_help"
data-group-title="Modes"
data-group-hint=""
data-group-limits="{}"
data-targets="command-palette-item-stack.groups"
>
</command-palette-item-group>
<command-palette-item-group
data-group-id="filters_help"
data-group-title="Use filters in issues, pull requests, discussions, and projects"
data-group-hint=""
data-group-limits="{}"
data-targets="command-palette-item-stack.groups"
>
</command-palette-item-group>
</command-palette-item-stack>
<div class="js-command-local-provider-octicons" hidden>
<div data-local-provider-octicon-id="arrow-right-color-fg-muted">
<svg height="16" class="octicon octicon-arrow-right color-fg-muted" viewBox="0 0 16 16" version="1.1" width="16" aria-hidden="true"><path fill-rule="evenodd" d="M8.22 2.97a.75.75 0 011.06 0l4.25 4.25a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06-1.06l2.97-2.97H3.75a.75.75 0 010-1.5h7.44L8.22 4.03a.75.75 0 010-1.06z"></path></svg>
</div>
<div data-local-provider-octicon-id="arrow-right-color-fg-default">
<svg height="16" class="octicon octicon-arrow-right color-fg-default" viewBox="0 0 16 16" version="1.1" width="16" aria-hidden="true"><path fill-rule="evenodd" d="M8.22 2.97a.75.75 0 011.06 0l4.25 4.25a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06-1.06l2.97-2.97H3.75a.75.75 0 010-1.5h7.44L8.22 4.03a.75.75 0 010-1.06z"></path></svg>
</div>
<div data-local-provider-octicon-id="codespaces-color-fg-muted">
<svg height="16" class="octicon octicon-codespaces color-fg-muted" viewBox="0 0 16 16" version="1.1" width="16" aria-hidden="true"><path fill-rule="evenodd" d="M2 1.75C2 .784 2.784 0 3.75 0h8.5C13.216 0 14 .784 14 1.75v5a1.75 1.75 0 01-1.75 1.75h-8.5A1.75 1.75 0 012 6.75v-5zm1.75-.25a.25.25 0 00-.25.25v5c0 .138.112.25.25.25h8.5a.25.25 0 00.25-.25v-5a.25.25 0 00-.25-.25h-8.5zM0 11.25c0-.966.784-1.75 1.75-1.75h12.5c.966 0 1.75.784 1.75 1.75v3A1.75 1.75 0 0114.25 16H1.75A1.75 1.75 0 010 14.25v-3zM1.75 11a.25.25 0 00-.25.25v3c0 .138.112.25.25.25h12.5a.25.25 0 00.25-.25v-3a.25.25 0 00-.25-.25H1.75z"></path><path fill-rule="evenodd" d="M3 12.75a.75.75 0 01.75-.75h.5a.75.75 0 010 1.5h-.5a.75.75 0 01-.75-.75zm4 0a.75.75 0 01.75-.75h4.5a.75.75 0 010 1.5h-4.5a.75.75 0 01-.75-.75z"></path></svg>
</div>
<div data-local-provider-octicon-id="copy-color-fg-muted">
<svg height="16" class="octicon octicon-copy color-fg-muted" viewBox="0 0 16 16" version="1.1" width="16" aria-hidden="true"><path fill-rule="evenodd" d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 010 1.5h-1.5a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-1.5a.75.75 0 011.5 0v1.5A1.75 1.75 0 019.25 16h-7.5A1.75 1.75 0 010 14.25v-7.5z"></path><path fill-rule="evenodd" d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0114.25 11h-7.5A1.75 1.75 0 015 9.25v-7.5zm1.75-.25a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-7.5a.25.25 0 00-.25-.25h-7.5z"></path></svg>
</div>
<div data-local-provider-octicon-id="dash-color-fg-muted">
<svg height="16" class="octicon octicon-dash color-fg-muted" viewBox="0 0 16 16" version="1.1" width="16" aria-hidden="true"><path fill-rule="evenodd" d="M2 7.75A.75.75 0 012.75 7h10a.75.75 0 010 1.5h-10A.75.75 0 012 7.75z"></path></svg>
</div>
<div data-local-provider-octicon-id="file-color-fg-muted">
<svg height="16" class="octicon octicon-file color-fg-muted" viewBox="0 0 16 16" version="1.1" width="16" aria-hidden="true"><path fill-rule="evenodd" d="M3.75 1.5a.25.25 0 00-.25.25v11.5c0 .138.112.25.25.25h8.5a.25.25 0 00.25-.25V6H9.75A1.75 1.75 0 018 4.25V1.5H3.75zm5.75.56v2.19c0 .138.112.25.25.25h2.19L9.5 2.06zM2 1.75C2 .784 2.784 0 3.75 0h5.086c.464 0 .909.184 1.237.513l3.414 3.414c.329.328.513.773.513 1.237v8.086A1.75 1.75 0 0112.25 15h-8.5A1.75 1.75 0 012 13.25V1.75z"></path></svg>
</div>
<div data-local-provider-octicon-id="lock-color-fg-muted">
<svg height="16" class="octicon octicon-lock color-fg-muted" viewBox="0 0 16 16" version="1.1" width="16" aria-hidden="true"><path fill-rule="evenodd" d="M4 4v2h-.25A1.75 1.75 0 002 7.75v5.5c0 .966.784 1.75 1.75 1.75h8.5A1.75 1.75 0 0014 13.25v-5.5A1.75 1.75 0 0012.25 6H12V4a4 4 0 10-8 0zm6.5 2V4a2.5 2.5 0 00-5 0v2h5zM12 7.5h.25a.25.25 0 01.25.25v5.5a.25.25 0 01-.25.25h-8.5a.25.25 0 01-.25-.25v-5.5a.25.25 0 01.25-.25H12z"></path></svg>
</div>
<div data-local-provider-octicon-id="moon-color-fg-muted">
<svg height="16" class="octicon octicon-moon color-fg-muted" viewBox="0 0 16 16" version="1.1" width="16" aria-hidden="true"><path fill-rule="evenodd" d="M9.598 1.591a.75.75 0 01.785-.175 7 7 0 11-8.967 8.967.75.75 0 01.961-.96 5.5 5.5 0 007.046-7.046.75.75 0 01.175-.786zm1.616 1.945a7 7 0 01-7.678 7.678 5.5 5.5 0 107.678-7.678z"></path></svg>
</div>
<div data-local-provider-octicon-id="person-color-fg-muted">
<svg height="16" class="octicon octicon-person color-fg-muted" viewBox="0 0 16 16" version="1.1" width="16" aria-hidden="true"><path fill-rule="evenodd" d="M10.5 5a2.5 2.5 0 11-5 0 2.5 2.5 0 015 0zm.061 3.073a4 4 0 10-5.123 0 6.004 6.004 0 00-3.431 5.142.75.75 0 001.498.07 4.5 4.5 0 018.99 0 .75.75 0 101.498-.07 6.005 6.005 0 00-3.432-5.142z"></path></svg>
</div>
<div data-local-provider-octicon-id="pencil-color-fg-muted">
<svg height="16" class="octicon octicon-pencil color-fg-muted" viewBox="0 0 16 16" version="1.1" width="16" aria-hidden="true"><path fill-rule="evenodd" d="M11.013 1.427a1.75 1.75 0 012.474 0l1.086 1.086a1.75 1.75 0 010 2.474l-8.61 8.61c-.21.21-.47.364-.756.445l-3.251.93a.75.75 0 01-.927-.928l.929-3.25a1.75 1.75 0 01.445-.758l8.61-8.61zm1.414 1.06a.25.25 0 00-.354 0L10.811 3.75l1.439 1.44 1.263-1.263a.25.25 0 000-.354l-1.086-1.086zM11.189 6.25L9.75 4.81l-6.286 6.287a.25.25 0 00-.064.108l-.558 1.953 1.953-.558a.249.249 0 00.108-.064l6.286-6.286z"></path></svg>
</div>
<div data-local-provider-octicon-id="issue-opened-open">
<svg height="16" class="octicon octicon-issue-opened open" viewBox="0 0 16 16" version="1.1" width="16" aria-hidden="true"><path d="M8 9.5a1.5 1.5 0 100-3 1.5 1.5 0 000 3z"></path><path fill-rule="evenodd" d="M8 0a8 8 0 100 16A8 8 0 008 0zM1.5 8a6.5 6.5 0 1113 0 6.5 6.5 0 01-13 0z"></path></svg>
</div>
<div data-local-provider-octicon-id="git-pull-request-draft-color-fg-muted">
<svg height="16" class="octicon octicon-git-pull-request-draft color-fg-muted" viewBox="0 0 16 16" version="1.1" width="16" aria-hidden="true"><path fill-rule="evenodd" d="M2.5 3.25a.75.75 0 111.5 0 .75.75 0 01-1.5 0zM3.25 1a2.25 2.25 0 00-.75 4.372v5.256a2.251 2.251 0 101.5 0V5.372A2.25 2.25 0 003.25 1zm0 11a.75.75 0 100 1.5.75.75 0 000-1.5zm9.5 3a2.25 2.25 0 100-4.5 2.25 2.25 0 000 4.5zm0-3a.75.75 0 100 1.5.75.75 0 000-1.5z"></path><path d="M14 7.5a1.25 1.25 0 11-2.5 0 1.25 1.25 0 012.5 0zm0-4.25a1.25 1.25 0 11-2.5 0 1.25 1.25 0 012.5 0z"></path></svg>
</div>
<div data-local-provider-octicon-id="search-color-fg-muted">
<svg height="16" class="octicon octicon-search color-fg-muted" viewBox="0 0 16 16" version="1.1" width="16" aria-hidden="true"><path fill-rule="evenodd" d="M11.5 7a4.499 4.499 0 11-8.998 0A4.499 4.499 0 0111.5 7zm-.82 4.74a6 6 0 111.06-1.06l3.04 3.04a.75.75 0 11-1.06 1.06l-3.04-3.04z"></path></svg>
</div>
<div data-local-provider-octicon-id="sun-color-fg-muted">
<svg height="16" class="octicon octicon-sun color-fg-muted" viewBox="0 0 16 16" version="1.1" width="16" aria-hidden="true"><path fill-rule="evenodd" d="M8 10.5a2.5 2.5 0 100-5 2.5 2.5 0 000 5zM8 12a4 4 0 100-8 4 4 0 000 8zM8 0a.75.75 0 01.75.75v1.5a.75.75 0 01-1.5 0V.75A.75.75 0 018 0zm0 13a.75.75 0 01.75.75v1.5a.75.75 0 01-1.5 0v-1.5A.75.75 0 018 13zM2.343 2.343a.75.75 0 011.061 0l1.06 1.061a.75.75 0 01-1.06 1.06l-1.06-1.06a.75.75 0 010-1.06zm9.193 9.193a.75.75 0 011.06 0l1.061 1.06a.75.75 0 01-1.06 1.061l-1.061-1.06a.75.75 0 010-1.061zM16 8a.75.75 0 01-.75.75h-1.5a.75.75 0 010-1.5h1.5A.75.75 0 0116 8zM3 8a.75.75 0 01-.75.75H.75a.75.75 0 010-1.5h1.5A.75.75 0 013 8zm10.657-5.657a.75.75 0 010 1.061l-1.061 1.06a.75.75 0 11-1.06-1.06l1.06-1.06a.75.75 0 011.06 0zm-9.193 9.193a.75.75 0 010 1.06l-1.06 1.061a.75.75 0 11-1.061-1.06l1.06-1.061a.75.75 0 011.061 0z"></path></svg>
</div>
<div data-local-provider-octicon-id="sync-color-fg-muted">
<svg height="16" class="octicon octicon-sync color-fg-muted" viewBox="0 0 16 16" version="1.1" width="16" aria-hidden="true"><path fill-rule="evenodd" d="M8 2.5a5.487 5.487 0 00-4.131 1.869l1.204 1.204A.25.25 0 014.896 6H1.25A.25.25 0 011 5.75V2.104a.25.25 0 01.427-.177l1.38 1.38A7.001 7.001 0 0114.95 7.16a.75.75 0 11-1.49.178A5.501 5.501 0 008 2.5zM1.705 8.005a.75.75 0 01.834.656 5.501 5.501 0 009.592 2.97l-1.204-1.204a.25.25 0 01.177-.427h3.646a.25.25 0 01.25.25v3.646a.25.25 0 01-.427.177l-1.38-1.38A7.001 7.001 0 011.05 8.84a.75.75 0 01.656-.834z"></path></svg>
</div>
<div data-local-provider-octicon-id="trash-color-fg-muted">
<svg height="16" class="octicon octicon-trash color-fg-muted" viewBox="0 0 16 16" version="1.1" width="16" aria-hidden="true"><path fill-rule="evenodd" d="M6.5 1.75a.25.25 0 01.25-.25h2.5a.25.25 0 01.25.25V3h-3V1.75zm4.5 0V3h2.25a.75.75 0 010 1.5H2.75a.75.75 0 010-1.5H5V1.75C5 .784 5.784 0 6.75 0h2.5C10.216 0 11 .784 11 1.75zM4.496 6.675a.75.75 0 10-1.492.15l.66 6.6A1.75 1.75 0 005.405 15h5.19c.9 0 1.652-.681 1.741-1.576l.66-6.6a.75.75 0 00-1.492-.149l-.66 6.6a.25.25 0 01-.249.225h-5.19a.25.25 0 01-.249-.225l-.66-6.6z"></path></svg>
</div>
<div data-local-provider-octicon-id="key-color-fg-muted">
<svg height="16" class="octicon octicon-key color-fg-muted" viewBox="0 0 16 16" version="1.1" width="16" aria-hidden="true"><path fill-rule="evenodd" d="M6.5 5.5a4 4 0 112.731 3.795.75.75 0 00-.768.18L7.44 10.5H6.25a.75.75 0 00-.75.75v1.19l-.06.06H4.25a.75.75 0 00-.75.75v1.19l-.06.06H1.75a.25.25 0 01-.25-.25v-1.69l5.024-5.023a.75.75 0 00.181-.768A3.995 3.995 0 016.5 5.5zm4-5.5a5.5 5.5 0 00-5.348 6.788L.22 11.72a.75.75 0 00-.22.53v2C0 15.216.784 16 1.75 16h2a.75.75 0 00.53-.22l.5-.5a.75.75 0 00.22-.53V14h.75a.75.75 0 00.53-.22l.5-.5a.75.75 0 00.22-.53V12h.75a.75.75 0 00.53-.22l.932-.932A5.5 5.5 0 1010.5 0zm.5 6a1 1 0 100-2 1 1 0 000 2z"></path></svg>
</div>
<div data-local-provider-octicon-id="comment-discussion-color-fg-muted">
<svg height="16" class="octicon octicon-comment-discussion color-fg-muted" viewBox="0 0 16 16" version="1.1" width="16" aria-hidden="true"><path fill-rule="evenodd" d="M1.5 2.75a.25.25 0 01.25-.25h8.5a.25.25 0 01.25.25v5.5a.25.25 0 01-.25.25h-3.5a.75.75 0 00-.53.22L3.5 11.44V9.25a.75.75 0 00-.75-.75h-1a.25.25 0 01-.25-.25v-5.5zM1.75 1A1.75 1.75 0 000 2.75v5.5C0 9.216.784 10 1.75 10H2v1.543a1.457 1.457 0 002.487 1.03L7.061 10h3.189A1.75 1.75 0 0012 8.25v-5.5A1.75 1.75 0 0010.25 1h-8.5zM14.5 4.75a.25.25 0 00-.25-.25h-.5a.75.75 0 110-1.5h.5c.966 0 1.75.784 1.75 1.75v5.5A1.75 1.75 0 0114.25 12H14v1.543a1.457 1.457 0 01-2.487 1.03L9.22 12.28a.75.75 0 111.06-1.06l2.22 2.22v-2.19a.75.75 0 01.75-.75h1a.25.25 0 00.25-.25v-5.5z"></path></svg>
</div>
<div data-local-provider-octicon-id="bell-color-fg-muted">
<svg height="16" class="octicon octicon-bell color-fg-muted" viewBox="0 0 16 16" version="1.1" width="16" aria-hidden="true"><path d="M8 16a2 2 0 001.985-1.75c.017-.137-.097-.25-.235-.25h-3.5c-.138 0-.252.113-.235.25A2 2 0 008 16z"></path><path fill-rule="evenodd" d="M8 1.5A3.5 3.5 0 004.5 5v2.947c0 .346-.102.683-.294.97l-1.703 2.556a.018.018 0 00-.003.01l.001.006c0 .002.002.004.004.006a.017.017 0 00.006.004l.007.001h10.964l.007-.001a.016.016 0 00.006-.004.016.016 0 00.004-.006l.001-.007a.017.017 0 00-.003-.01l-1.703-2.554a1.75 1.75 0 01-.294-.97V5A3.5 3.5 0 008 1.5zM3 5a5 5 0 0110 0v2.947c0 .05.015.098.042.139l1.703 2.555A1.518 1.518 0 0113.482 13H2.518a1.518 1.518 0 01-1.263-2.36l1.703-2.554A.25.25 0 003 7.947V5z"></path></svg>
</div>
<div data-local-provider-octicon-id="bell-slash-color-fg-muted">
<svg height="16" class="octicon octicon-bell-slash color-fg-muted" viewBox="0 0 16 16" version="1.1" width="16" aria-hidden="true"><path fill-rule="evenodd" d="M8 1.5c-.997 0-1.895.416-2.534 1.086A.75.75 0 014.38 1.55 5 5 0 0113 5v2.373a.75.75 0 01-1.5 0V5A3.5 3.5 0 008 1.5zM4.182 4.31L1.19 2.143a.75.75 0 10-.88 1.214L3 5.305v2.642a.25.25 0 01-.042.139L1.255 10.64A1.518 1.518 0 002.518 13h11.108l1.184.857a.75.75 0 10.88-1.214l-1.375-.996a1.196 1.196 0 00-.013-.01L4.198 4.321a.733.733 0 00-.016-.011zm7.373 7.19L4.5 6.391v1.556c0 .346-.102.683-.294.97l-1.703 2.556a.018.018 0 00-.003.01.015.015 0 00.005.012.017.017 0 00.006.004l.007.001h9.037zM8 16a2 2 0 001.985-1.75c.017-.137-.097-.25-.235-.25h-3.5c-.138 0-.252.113-.235.25A2 2 0 008 16z"></path></svg>
</div>
</div>
<server-defined-provider data-type="search-links"></server-defined-provider>
<server-defined-provider data-type="help">
<command-palette-help
data-group="modes_help"
data-prefix="#"
data-scope-types="[""]"
>
<span data-target="command-palette-help.titleElement">Search for <strong>issues</strong> and <strong>pull requests</strong></span>
<span data-target="command-palette-help.hintElement">
<kbd class="hx_kbd">#</kbd>
</span>
</command-palette-help>
<command-palette-help
data-group="modes_help"
data-prefix="#"
data-scope-types="["owner","repository"]"
>
<span data-target="command-palette-help.titleElement">Search for <strong>issues, pull requests, discussions,</strong> and <strong>projects</strong></span>
<span data-target="command-palette-help.hintElement">
<kbd class="hx_kbd">#</kbd>
</span>
</command-palette-help>
<command-palette-help
data-group="modes_help"
data-prefix="@"
data-scope-types="[""]"
>
<span data-target="command-palette-help.titleElement">Search for <strong>organizations, repositories,</strong> and <strong>users</strong></span>
<span data-target="command-palette-help.hintElement">
<kbd class="hx_kbd">@</kbd>
</span>
</command-palette-help>
<command-palette-help
data-group="modes_help"
data-prefix="!"
data-scope-types="["owner","repository"]"
>
<span data-target="command-palette-help.titleElement">Search for <strong>projects</strong></span>
<span data-target="command-palette-help.hintElement">
<kbd class="hx_kbd">!</kbd>
</span>
</command-palette-help>
<command-palette-help
data-group="modes_help"
data-prefix="/"
data-scope-types="["repository"]"
>
<span data-target="command-palette-help.titleElement">Search for <strong>files</strong></span>
<span data-target="command-palette-help.hintElement">
<kbd class="hx_kbd">/</kbd>
</span>
</command-palette-help>
<command-palette-help
data-group="modes_help"
data-prefix=">"
>
<span data-target="command-palette-help.titleElement">Activate <strong>command mode</strong></span>
<span data-target="command-palette-help.hintElement">
<kbd class="hx_kbd">></kbd>
</span>
</command-palette-help>
<command-palette-help
data-group="filters_help"
data-prefix="# author:@me"
>
<span data-target="command-palette-help.titleElement">Search your issues, pull requests, and discussions</span>
<span data-target="command-palette-help.hintElement">
<kbd class="hx_kbd"># author:@me</kbd>
</span>
</command-palette-help>
<command-palette-help
data-group="filters_help"
data-prefix="# author:@me"
>
<span data-target="command-palette-help.titleElement">Search your issues, pull requests, and discussions</span>
<span data-target="command-palette-help.hintElement">
<kbd class="hx_kbd"># author:@me</kbd>
</span>
</command-palette-help>
<command-palette-help
data-group="filters_help"
data-prefix="# is:pr"
>
<span data-target="command-palette-help.titleElement">Filter to pull requests</span>
<span data-target="command-palette-help.hintElement">
<kbd class="hx_kbd"># is:pr</kbd>
</span>
</command-palette-help>
<command-palette-help
data-group="filters_help"
data-prefix="# is:issue"
>
<span data-target="command-palette-help.titleElement">Filter to issues</span>
<span data-target="command-palette-help.hintElement">
<kbd class="hx_kbd"># is:issue</kbd>
</span>
</command-palette-help>
<command-palette-help
data-group="filters_help"
data-prefix="# is:discussion"
data-scope-types="["owner","repository"]"
>
<span data-target="command-palette-help.titleElement">Filter to discussions</span>
<span data-target="command-palette-help.hintElement">
<kbd class="hx_kbd"># is:discussion</kbd>
</span>
</command-palette-help>
<command-palette-help
data-group="filters_help"
data-prefix="# is:project"
data-scope-types="["owner","repository"]"
>
<span data-target="command-palette-help.titleElement">Filter to projects</span>
<span data-target="command-palette-help.hintElement">
<kbd class="hx_kbd"># is:project</kbd>
</span>
</command-palette-help>
<command-palette-help
data-group="filters_help"
data-prefix="# is:open"
>
<span data-target="command-palette-help.titleElement">Filter to open issues, pull requests, and discussions</span>
<span data-target="command-palette-help.hintElement">
<kbd class="hx_kbd"># is:open</kbd>
</span>
</command-palette-help>
</server-defined-provider>
<server-defined-provider
data-type="prefetched"
data-fetch-debounce="0"
data-src="/command_palette/commands"
data-supported-modes="[">"]"
data-supports-commands
></server-defined-provider>
<server-defined-provider
data-type="prefetched"
data-fetch-debounce="0"
data-src="/command_palette/jump_to_page_navigation"
data-supported-modes="[""]"
></server-defined-provider>
<server-defined-provider
data-type="remote"
data-fetch-debounce="200"
data-src="/command_palette/issues"
data-supported-modes="["#","#"]"
data-supported-scope-types="["owner","repository",""]"
></server-defined-provider>
<server-defined-provider
data-type="remote"
data-fetch-debounce="200"
data-src="/command_palette/jump_to"
data-supported-modes="["@","@"]"
data-supported-scope-types="["","owner"]"
></server-defined-provider>
<server-defined-provider
data-type="remote"
data-fetch-debounce="200"
data-src="/command_palette/jump_to_members_only"
data-supported-modes="[""]"
></server-defined-provider>
<server-defined-provider
data-type="prefetched"
data-fetch-debounce="0"
data-src="/command_palette/jump_to_members_only_prefetched"
data-supported-modes="["@","@",""]"
data-supported-scope-types="["","owner"]"
></server-defined-provider>
<server-defined-provider
data-type="files"
data-fetch-debounce="0"
data-src="/command_palette/files"
data-supported-modes="["/"]"
data-supported-scope-types="["repository"]"
></server-defined-provider>
<server-defined-provider
data-type="remote"
data-fetch-debounce="200"
data-src="/command_palette/discussions"
data-supported-modes="["#"]"
data-supported-scope-types="["owner","repository"]"
></server-defined-provider>
<server-defined-provider
data-type="remote"
data-fetch-debounce="200"
data-src="/command_palette/projects"
data-supported-modes="["#","!"]"
data-supported-scope-types="["owner","repository"]"
></server-defined-provider>
<server-defined-provider
data-type="prefetched"
data-fetch-debounce="0"
data-src="/command_palette/recent_issues"
data-supported-modes="["#","#"]"
data-supported-scope-types="["owner","repository",""]"
></server-defined-provider>
<server-defined-provider
data-type="remote"
data-fetch-debounce="200"
data-src="/command_palette/teams"
data-supported-modes="["@",""]"
data-supported-scope-types="["owner"]"
></server-defined-provider>
<server-defined-provider
data-type="remote"
data-fetch-debounce="200"
data-src="/command_palette/name_with_owner_repository"
data-supported-modes="[""]"
></server-defined-provider>
<server-defined-provider
data-type="main-window-commands"
data-fetch-debounce="0"
data-supported-modes="[">"]"
data-supports-commands
></server-defined-provider>
</command-palette>
</details-dialog>
</details>
<div class="position-fixed bottom-0 left-0 ml-5 mb-5 js-command-palette-toasts" style="z-index: 1000">
<div hidden class="Toast Toast--loading">
<span class="Toast-icon">
<svg class="Toast--spinner" viewBox="0 0 32 32" width="18" height="18" aria-hidden="true">
<path
fill="#959da5"
d="M16 0 A16 16 0 0 0 16 32 A16 16 0 0 0 16 0 M16 4 A12 12 0 0 1 16 28 A12 12 0 0 1 16 4"
/>
<path fill="#ffffff" d="M16 0 A16 16 0 0 1 32 16 L28 16 A12 12 0 0 0 16 4z"></path>
</svg>
</span>
<span class="Toast-content"></span>
</div>
<div hidden class="anim-fade-in fast Toast Toast--error">
<span class="Toast-icon">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-stop">
<path fill-rule="evenodd" d="M4.47.22A.75.75 0 015 0h6a.75.75 0 01.53.22l4.25 4.25c.141.14.22.331.22.53v6a.75.75 0 01-.22.53l-4.25 4.25A.75.75 0 0111 16H5a.75.75 0 01-.53-.22L.22 11.53A.75.75 0 010 11V5a.75.75 0 01.22-.53L4.47.22zm.84 1.28L1.5 5.31v5.38l3.81 3.81h5.38l3.81-3.81V5.31L10.69 1.5H5.31zM8 4a.75.75 0 01.75.75v3.5a.75.75 0 01-1.5 0v-3.5A.75.75 0 018 4zm0 8a1 1 0 100-2 1 1 0 000 2z"></path>
</svg>
</span>
<span class="Toast-content"></span>
</div>
<div hidden class="anim-fade-in fast Toast Toast--warning">
<span class="Toast-icon">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-alert">
<path fill-rule="evenodd" d="M8.22 1.754a.25.25 0 00-.44 0L1.698 13.132a.25.25 0 00.22.368h12.164a.25.25 0 00.22-.368L8.22 1.754zm-1.763-.707c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0114.082 15H1.918a1.75 1.75 0 01-1.543-2.575L6.457 1.047zM9 11a1 1 0 11-2 0 1 1 0 012 0zm-.25-5.25a.75.75 0 00-1.5 0v2.5a.75.75 0 001.5 0v-2.5z"></path>
</svg>
</span>
<span class="Toast-content"></span>
</div>
<div hidden class="anim-fade-in fast Toast Toast--success">
<span class="Toast-icon">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-check">
<path fill-rule="evenodd" d="M13.78 4.22a.75.75 0 010 1.06l-7.25 7.25a.75.75 0 01-1.06 0L2.22 9.28a.75.75 0 011.06-1.06L6 10.94l6.72-6.72a.75.75 0 011.06 0z"></path>
</svg>
</span>
<span class="Toast-content"></span>
</div>
<div hidden class="anim-fade-in fast Toast">
<span class="Toast-icon">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-info">
<path fill-rule="evenodd" d="M8 1.5a6.5 6.5 0 100 13 6.5 6.5 0 000-13zM0 8a8 8 0 1116 0A8 8 0 010 8zm6.5-.25A.75.75 0 017.25 7h1a.75.75 0 01.75.75v2.75h.25a.75.75 0 010 1.5h-2a.75.75 0 010-1.5h.25v-2h-.25a.75.75 0 01-.75-.75zM8 6a1 1 0 100-2 1 1 0 000 2z"></path>
</svg>
</span>
<span class="Toast-content"></span>
</div>
</div>
<div hidden class="js-command-palette-pjax-meta-data" data-pjax-replace id="command-palette-pjax-meta-data"
data-subject-id="MDEwOlJlcG9zaXRvcnk3MTIyMDc1Nw=="
data-subject-type="Repository"
>
</div>
<div
class="application-main "
data-commit-hovercards-enabled
data-discussion-hovercards-enabled
data-issue-and-pr-hovercards-enabled
>
<div itemscope itemtype="http://schema.org/SoftwareSourceCode" class="">
<main id="js-repo-pjax-container" data-pjax-container >
<div id="repository-container-header" class="pt-3 hide-full-screen mb-5" style="background-color: var(--color-page-header-bg);" data-pjax-replace>
<div class="d-flex mb-3 px-3 px-md-4 px-lg-5">
<div class="flex-auto min-width-0 width-fit mr-3">
<h1 class=" d-flex flex-wrap flex-items-center wb-break-word f3 text-normal">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-repo color-fg-muted mr-2">
<path fill-rule="evenodd" d="M2 2.5A2.5 2.5 0 014.5 0h8.75a.75.75 0 01.75.75v12.5a.75.75 0 01-.75.75h-2.5a.75.75 0 110-1.5h1.75v-2h-8a1 1 0 00-.714 1.7.75.75 0 01-1.072 1.05A2.495 2.495 0 012 11.5v-9zm10.5-1V9h-8c-.356 0-.694.074-1 .208V2.5a1 1 0 011-1h8zM5 12.25v3.25a.25.25 0 00.4.2l1.45-1.087a.25.25 0 01.3 0L8.6 15.7a.25.25 0 00.4-.2v-3.25a.25.25 0 00-.25-.25h-3.5a.25.25 0 00-.25.25z"></path>
</svg>
<span class="author flex-self-stretch" itemprop="author">
<a class="url fn" rel="author" data-hovercard-type="user" data-hovercard-url="/users/swisskyrepo/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="/swisskyrepo">swisskyrepo</a>
</span>
<span class="mx-1 flex-self-stretch color-fg-muted">/</span>
<strong itemprop="name" class="mr-2 flex-self-stretch">
<a data-pjax="#repo-content-pjax-container" href="/swisskyrepo/PayloadsAllTheThings">PayloadsAllTheThings</a>
</strong>
<span></span><span class="Label Label--secondary v-align-middle mr-1">Public</span>
</h1>
</div>
<ul class="pagehead-actions flex-shrink-0 d-none d-md-inline" style="padding: 2px 0;">
<li>
<include-fragment src="/swisskyrepo/PayloadsAllTheThings/sponsor_button"></include-fragment>
</li>
<li>
<notifications-list-subscription-form class="f5 position-relative">
<details
class="details-reset details-overlay f5 position-relative"
data-target="notifications-list-subscription-form.details"
data-action="toggle:notifications-list-subscription-form#detailsToggled"
>
<summary data-hydro-click="{"event_type":"repository.click","payload":{"target":"WATCH_BUTTON","repository_id":71220757,"originating_url":"https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/XSS%20Injection/Files/SVG_XSS.svg","user_id":77883099}}" data-hydro-click-hmac="dbab2642b5beaa9fb36f0dc6d5d6a70049757f18b80e6513f794ed57155c966e" data-ga-click="Repository, click Watch settings, action:blob#show" aria-label="Notification settings" data-view-component="true" class="btn-sm btn"> <span data-menu-button>
<span
hidden
data-target="notifications-list-subscription-form.unwatchButtonCopy"
>
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-eye">
<path fill-rule="evenodd" d="M1.679 7.932c.412-.621 1.242-1.75 2.366-2.717C5.175 4.242 6.527 3.5 8 3.5c1.473 0 2.824.742 3.955 1.715 1.124.967 1.954 2.096 2.366 2.717a.119.119 0 010 .136c-.412.621-1.242 1.75-2.366 2.717C10.825 11.758 9.473 12.5 8 12.5c-1.473 0-2.824-.742-3.955-1.715C2.92 9.818 2.09 8.69 1.679 8.068a.119.119 0 010-.136zM8 2c-1.981 0-3.67.992-4.933 2.078C1.797 5.169.88 6.423.43 7.1a1.619 1.619 0 000 1.798c.45.678 1.367 1.932 2.637 3.024C4.329 13.008 6.019 14 8 14c1.981 0 3.67-.992 4.933-2.078 1.27-1.091 2.187-2.345 2.637-3.023a1.619 1.619 0 000-1.798c-.45-.678-1.367-1.932-2.637-3.023C11.671 2.992 9.981 2 8 2zm0 8a2 2 0 100-4 2 2 0 000 4z"></path>
</svg>
Unwatch
</span>
<span
hidden
data-target="notifications-list-subscription-form.stopIgnoringButtonCopy"
>
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-bell-slash">
<path fill-rule="evenodd" d="M8 1.5c-.997 0-1.895.416-2.534 1.086A.75.75 0 014.38 1.55 5 5 0 0113 5v2.373a.75.75 0 01-1.5 0V5A3.5 3.5 0 008 1.5zM4.182 4.31L1.19 2.143a.75.75 0 10-.88 1.214L3 5.305v2.642a.25.25 0 01-.042.139L1.255 10.64A1.518 1.518 0 002.518 13h11.108l1.184.857a.75.75 0 10.88-1.214l-1.375-.996a1.196 1.196 0 00-.013-.01L4.198 4.321a.733.733 0 00-.016-.011zm7.373 7.19L4.5 6.391v1.556c0 .346-.102.683-.294.97l-1.703 2.556a.018.018 0 00-.003.01.015.015 0 00.005.012.017.017 0 00.006.004l.007.001h9.037zM8 16a2 2 0 001.985-1.75c.017-.137-.097-.25-.235-.25h-3.5c-.138 0-.252.113-.235.25A2 2 0 008 16z"></path>
</svg>
Stop ignoring
</span>
<span
data-target="notifications-list-subscription-form.watchButtonCopy"
>
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-eye">
<path fill-rule="evenodd" d="M1.679 7.932c.412-.621 1.242-1.75 2.366-2.717C5.175 4.242 6.527 3.5 8 3.5c1.473 0 2.824.742 3.955 1.715 1.124.967 1.954 2.096 2.366 2.717a.119.119 0 010 .136c-.412.621-1.242 1.75-2.366 2.717C10.825 11.758 9.473 12.5 8 12.5c-1.473 0-2.824-.742-3.955-1.715C2.92 9.818 2.09 8.69 1.679 8.068a.119.119 0 010-.136zM8 2c-1.981 0-3.67.992-4.933 2.078C1.797 5.169.88 6.423.43 7.1a1.619 1.619 0 000 1.798c.45.678 1.367 1.932 2.637 3.024C4.329 13.008 6.019 14 8 14c1.981 0 3.67-.992 4.933-2.078 1.27-1.091 2.187-2.345 2.637-3.023a1.619 1.619 0 000-1.798c-.45-.678-1.367-1.932-2.637-3.023C11.671 2.992 9.981 2 8 2zm0 8a2 2 0 100-4 2 2 0 000 4z"></path>
</svg>
Watch
</span>
</span>
<span id="repo-notifications-counter" data-target="notifications-list-subscription-form.socialCount" data-pjax-replace="true" title="1,502" data-view-component="true" class="Counter">1.5k</span>
<span class="dropdown-caret"></span>
</summary>
<details-menu
class="SelectMenu "
role="menu"
data-target="notifications-list-subscription-form.menu"
>
<div class="SelectMenu-modal notifications-component-menu-modal">
<header class="SelectMenu-header">
<h3 class="SelectMenu-title">Notifications</h3>
<button class="SelectMenu-closeButton" type="button" aria-label="Close menu" data-action="click:notifications-list-subscription-form#closeMenu">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-x">
<path fill-rule="evenodd" d="M3.72 3.72a.75.75 0 011.06 0L8 6.94l3.22-3.22a.75.75 0 111.06 1.06L9.06 8l3.22 3.22a.75.75 0 11-1.06 1.06L8 9.06l-3.22 3.22a.75.75 0 01-1.06-1.06L6.94 8 3.72 4.78a.75.75 0 010-1.06z"></path>
</svg>
</button>
</header>
<div class="SelectMenu-list">
<form data-target="notifications-list-subscription-form.form" data-action="submit:notifications-list-subscription-form#submitForm" action="/notifications/subscribe" accept-charset="UTF-8" method="post"><input type="hidden" name="authenticity_token" value="T6-Nx7bnzBXw-etuSP5KyhgPLet6KeTTKUChbLUZ3x65KfEn7ecMKjuRMrOprhRJxVx5qu-TPM5mlgClt-bqwQ" autocomplete="off" />
<input type="hidden" name="repository_id" value="71220757">
<button
type="submit"
name="do"
value="included"
class="SelectMenu-item flex-items-start"
role="menuitemradio"
aria-checked="true"
data-targets="notifications-list-subscription-form.subscriptionButtons"
>
<span class="f5">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-check SelectMenu-icon SelectMenu-icon--check">
<path fill-rule="evenodd" d="M13.78 4.22a.75.75 0 010 1.06l-7.25 7.25a.75.75 0 01-1.06 0L2.22 9.28a.75.75 0 011.06-1.06L6 10.94l6.72-6.72a.75.75 0 011.06 0z"></path>
</svg>
</span>
<div>
<div class="f5 text-bold">
Participating and @mentions
</div>
<div class="text-small color-fg-muted text-normal pb-1">
Only receive notifications from this repository when participating or @mentioned.
</div>
</div>
</button>
<button
type="submit"
name="do"
value="subscribed"
class="SelectMenu-item flex-items-start"
role="menuitemradio"
aria-checked="false"
data-targets="notifications-list-subscription-form.subscriptionButtons"
>
<span class="f5">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-check SelectMenu-icon SelectMenu-icon--check">
<path fill-rule="evenodd" d="M13.78 4.22a.75.75 0 010 1.06l-7.25 7.25a.75.75 0 01-1.06 0L2.22 9.28a.75.75 0 011.06-1.06L6 10.94l6.72-6.72a.75.75 0 011.06 0z"></path>
</svg>
</span>
<div>
<div class="f5 text-bold">
All Activity
</div>
<div class="text-small color-fg-muted text-normal pb-1">
Notified of all notifications on this repository.
</div>
</div>
</button>
<button
type="submit"
name="do"
value="ignore"
class="SelectMenu-item flex-items-start"
role="menuitemradio"
aria-checked="false"
data-targets="notifications-list-subscription-form.subscriptionButtons"
>
<span class="f5">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-check SelectMenu-icon SelectMenu-icon--check">
<path fill-rule="evenodd" d="M13.78 4.22a.75.75 0 010 1.06l-7.25 7.25a.75.75 0 01-1.06 0L2.22 9.28a.75.75 0 011.06-1.06L6 10.94l6.72-6.72a.75.75 0 011.06 0z"></path>
</svg>
</span>
<div>
<div class="f5 text-bold">
Ignore
</div>
<div class="text-small color-fg-muted text-normal pb-1">
Never be notified.
</div>
</div>
</button>
</form>
<button
class="SelectMenu-item flex-items-start pr-3"
type="button"
role="menuitemradio"
data-target="notifications-list-subscription-form.customButton"
data-action="click:notifications-list-subscription-form#openCustomDialog"
aria-haspopup="true"
aria-checked="false"
>
<span class="f5">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-check SelectMenu-icon SelectMenu-icon--check">
<path fill-rule="evenodd" d="M13.78 4.22a.75.75 0 010 1.06l-7.25 7.25a.75.75 0 01-1.06 0L2.22 9.28a.75.75 0 011.06-1.06L6 10.94l6.72-6.72a.75.75 0 011.06 0z"></path>
</svg>
</span>
<div>
<div class="d-flex flex-items-start flex-justify-between">
<div class="f5 text-bold">Custom</div>
<div class="f5 pr-1">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-arrow-right">
<path fill-rule="evenodd" d="M8.22 2.97a.75.75 0 011.06 0l4.25 4.25a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06-1.06l2.97-2.97H3.75a.75.75 0 010-1.5h7.44L8.22 4.03a.75.75 0 010-1.06z"></path>
</svg>
</div>
</div>
<div class="text-small color-fg-muted text-normal pb-1">
Select events you want to be notified of in addition to participating and @mentions.
</div>
</div>
</button>
<div class="px-3 py-2 d-flex color-bg-subtle flex-items-center">
<span class="f5">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-device-mobile SelectMenu-icon SelectMenu-icon--device-mobile">
<path fill-rule="evenodd" d="M3.75 0A1.75 1.75 0 002 1.75v12.5c0 .966.784 1.75 1.75 1.75h8.5A1.75 1.75 0 0014 14.25V1.75A1.75 1.75 0 0012.25 0h-8.5zM3.5 1.75a.25.25 0 01.25-.25h8.5a.25.25 0 01.25.25v12.5a.25.25 0 01-.25.25h-8.5a.25.25 0 01-.25-.25V1.75zM8 13a1 1 0 100-2 1 1 0 000 2z"></path>
</svg>
</span>
<span className="text-small color-fg-muted text-normal pb-1">
Get push notifications on <a target="_blank" rel="noopener noreferrer" href="https://apps.apple.com/app/apple-store/id1477376905?ct=watch-dropdown&mt=8&pt=524675">iOS</a> or <a target="_blank" rel="noopener noreferrer" href="https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dwatch-dropdown%26utm_medium%3Dweb%26utm_source%3Dgithub">Android</a>.
</span>
</div>
</div>
</div>
</details-menu>
<details-dialog class="notifications-component-dialog " data-target="notifications-list-subscription-form.customDialog" hidden>
<div class="SelectMenu-modal notifications-component-dialog-modal overflow-visible">
<form data-target="notifications-list-subscription-form.customform" data-action="submit:notifications-list-subscription-form#submitCustomForm" action="/notifications/subscribe" accept-charset="UTF-8" method="post"><input type="hidden" name="authenticity_token" value="_VkcuJSiGrIre9rgmXS0KLlu1-soTec0QFznyCrRH1UL32BYz6LajeATAz14JOqrZD2Dqr33PykPikYBKC4qig" autocomplete="off" />
<input type="hidden" name="repository_id" value="71220757">
<header class="d-sm-none SelectMenu-header pb-0 border-bottom-0 px-2 px-sm-3">
<h1 class="f3 SelectMenu-title d-inline-flex">
<button
class="color-bg-default border-0 px-2 py-0 m-0 Link--secondary f5"
aria-label="Return to menu"
type="button"
data-action="click:notifications-list-subscription-form#closeCustomDialog"
>
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-arrow-left">
<path fill-rule="evenodd" d="M7.78 12.53a.75.75 0 01-1.06 0L2.47 8.28a.75.75 0 010-1.06l4.25-4.25a.75.75 0 011.06 1.06L4.81 7h7.44a.75.75 0 010 1.5H4.81l2.97 2.97a.75.75 0 010 1.06z"></path>
</svg>
</button>
Custom
</h1>
</header>
<header class="d-none d-sm-flex flex-items-start pt-1">
<button
class="border-0 px-2 pt-1 m-0 Link--secondary f5"
style="background-color: transparent;"
aria-label="Return to menu"
type="button"
data-action="click:notifications-list-subscription-form#closeCustomDialog"
>
<svg style="position: relative; left: 2px; top: 1px" aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-arrow-left">
<path fill-rule="evenodd" d="M7.78 12.53a.75.75 0 01-1.06 0L2.47 8.28a.75.75 0 010-1.06l4.25-4.25a.75.75 0 011.06 1.06L4.81 7h7.44a.75.75 0 010 1.5H4.81l2.97 2.97a.75.75 0 010 1.06z"></path>
</svg>
</button>
<h1 class="pt-1 pr-4 pb-0 pl-0 f5 text-bold">
Custom
</h1>
</header>
<fieldset>
<legend>
<div class="text-small color-fg-muted pt-0 pr-3 pb-3 pl-6 pl-sm-5 border-bottom mb-3">
Select events you want to be notified of in addition to participating and @mentions.
</div>
</legend>
<div class="form-checkbox mr-3 ml-6 ml-sm-5 mb-2 mt-0">
<label class="f5 text-normal">
<input
type="checkbox"
name="thread_types[]"
value="Issue"
data-targets="notifications-list-subscription-form.threadTypeCheckboxes"
data-action="change:notifications-list-subscription-form#threadTypeCheckboxesUpdated"
>
Issues
</label>
<span
class="tooltipped tooltipped-nw mr-2 p-1 float-right"
aria-label="Issues are not enabled for this repo">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-info color-fg-muted">
<path fill-rule="evenodd" d="M8 1.5a6.5 6.5 0 100 13 6.5 6.5 0 000-13zM0 8a8 8 0 1116 0A8 8 0 010 8zm6.5-.25A.75.75 0 017.25 7h1a.75.75 0 01.75.75v2.75h.25a.75.75 0 010 1.5h-2a.75.75 0 010-1.5h.25v-2h-.25a.75.75 0 01-.75-.75zM8 6a1 1 0 100-2 1 1 0 000 2z"></path>
</svg>
</span>
</div>
<div class="form-checkbox mr-3 ml-6 ml-sm-5 mb-2 mt-0">
<label class="f5 text-normal">
<input
type="checkbox"
name="thread_types[]"
value="PullRequest"
data-targets="notifications-list-subscription-form.threadTypeCheckboxes"
data-action="change:notifications-list-subscription-form#threadTypeCheckboxesUpdated"
>
Pull requests
</label>
</div>
<div class="form-checkbox mr-3 ml-6 ml-sm-5 mb-2 mt-0">
<label class="f5 text-normal">
<input
type="checkbox"
name="thread_types[]"
value="Release"
data-targets="notifications-list-subscription-form.threadTypeCheckboxes"
data-action="change:notifications-list-subscription-form#threadTypeCheckboxesUpdated"
>
Releases
</label>
</div>
<div class="form-checkbox mr-3 ml-6 ml-sm-5 mb-2 mt-0">
<label class="f5 text-normal">
<input
type="checkbox"
name="thread_types[]"
value="Discussion"
data-targets="notifications-list-subscription-form.threadTypeCheckboxes"
data-action="change:notifications-list-subscription-form#threadTypeCheckboxesUpdated"
>
Discussions
</label>
<span
class="tooltipped tooltipped-nw mr-2 p-1 float-right"
aria-label="Discussions are not enabled for this repo">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-info color-fg-muted">
<path fill-rule="evenodd" d="M8 1.5a6.5 6.5 0 100 13 6.5 6.5 0 000-13zM0 8a8 8 0 1116 0A8 8 0 010 8zm6.5-.25A.75.75 0 017.25 7h1a.75.75 0 01.75.75v2.75h.25a.75.75 0 010 1.5h-2a.75.75 0 010-1.5h.25v-2h-.25a.75.75 0 01-.75-.75zM8 6a1 1 0 100-2 1 1 0 000 2z"></path>
</svg>
</span>
</div>
<div class="form-checkbox mr-3 ml-6 ml-sm-5 mb-2 mt-0">
<label class="f5 text-normal">
<input
type="checkbox"
name="thread_types[]"
value="SecurityAlert"
data-targets="notifications-list-subscription-form.threadTypeCheckboxes"
data-action="change:notifications-list-subscription-form#threadTypeCheckboxesUpdated"
>
Security alerts
</label>
</div>
</fieldset>
<div class="pt-2 pb-3 px-3 d-flex flex-justify-start flex-row-reverse">
<button name="do" value="custom" data-target="notifications-list-subscription-form.customSubmit" disabled="disabled" type="submit" data-view-component="true" class="btn-primary btn-sm btn ml-2"> Apply
</button>
<button data-action="click:notifications-list-subscription-form#resetForm" data-close-dialog="" type="button" data-view-component="true" class="btn-sm btn"> Cancel
</button>
</div>
</form> </div>
</details-dialog>
<div class="notifications-component-dialog-overlay"></div>
</details>
</notifications-list-subscription-form>
</li>
<li>
<form class="btn-with-count" action="/swisskyrepo/PayloadsAllTheThings/fork" accept-charset="UTF-8" method="post"><input type="hidden" name="authenticity_token" value="Q7iO1sjakAGjGgu57Uvdd1DNrKYQJ5oGnFc-QdMQwd8cX11OGosR0ovE9tPlAGjJMsEZiO4cQlYvRmELOoBQFw" autocomplete="off" />
<button data-hydro-click="{"event_type":"repository.click","payload":{"target":"FORK_BUTTON","repository_id":71220757,"originating_url":"https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/XSS%20Injection/Files/SVG_XSS.svg","user_id":77883099}}" data-hydro-click-hmac="94152dbc1c8299ef7de4bf4f62edfd3f0b0f87e436e065f1d2fdc9f9a22a185a" data-ga-click="Repository, show fork modal, action:blob#show; text:Fork" aria-label="Fork your own copy of swisskyrepo/PayloadsAllTheThings to your account" type="submit" data-view-component="true" class="btn-sm btn"> <svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-repo-forked mr-2">
<path fill-rule="evenodd" d="M5 3.25a.75.75 0 11-1.5 0 .75.75 0 011.5 0zm0 2.122a2.25 2.25 0 10-1.5 0v.878A2.25 2.25 0 005.75 8.5h1.5v2.128a2.251 2.251 0 101.5 0V8.5h1.5a2.25 2.25 0 002.25-2.25v-.878a2.25 2.25 0 10-1.5 0v.878a.75.75 0 01-.75.75h-4.5A.75.75 0 015 6.25v-.878zm3.75 7.378a.75.75 0 11-1.5 0 .75.75 0 011.5 0zm3-8.75a.75.75 0 100-1.5.75.75 0 000 1.5z"></path>
</svg>Fork
<span id="repo-network-counter" data-pjax-replace="true" title="9,252" data-view-component="true" class="Counter">9.3k</span>
</button></form>
</li>
<li>
<div data-view-component="true" class="js-toggler-container js-social-container starring-container BtnGroup d-flex">
<form class="starred js-social-form BtnGroup-parent flex-auto" action="/swisskyrepo/PayloadsAllTheThings/unstar" accept-charset="UTF-8" method="post"><input type="hidden" name="authenticity_token" value="_-UtA-WU3MksxRt3i18I_XRWak2tLUp0Vr9iyR4bunAfDHFteh-jhdS85dFwerrm6bGPVwM_SZb1dXRd0Cg8hg" autocomplete="off" />
<input type="hidden" name="context" value="repository">
<button data-hydro-click="{"event_type":"repository.click","payload":{"target":"UNSTAR_BUTTON","repository_id":71220757,"originating_url":"https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/XSS%20Injection/Files/SVG_XSS.svg","user_id":77883099}}" data-hydro-click-hmac="ddac11806de153dc797cce221093d57526ac2c6b60faa33d56de03a37c8b7dff" data-ga-click="Repository, click unstar button, action:blob#show; text:Unstar" aria-label="Unstar this repository" type="submit" data-view-component="true" class="js-toggler-target rounded-left-2 border-right-0 btn-sm btn BtnGroup-item"> <svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-star-fill starred-button-icon d-inline-block mr-2">
<path fill-rule="evenodd" d="M8 .25a.75.75 0 01.673.418l1.882 3.815 4.21.612a.75.75 0 01.416 1.279l-3.046 2.97.719 4.192a.75.75 0 01-1.088.791L8 12.347l-3.766 1.98a.75.75 0 01-1.088-.79l.72-4.194L.818 6.374a.75.75 0 01.416-1.28l4.21-.611L7.327.668A.75.75 0 018 .25z"></path>
</svg><span data-view-component="true" class="d-inline">
Starred
</span> <span id="repo-stars-counter-unstar" aria-label="33636 users starred this repository" data-singular-suffix="user starred this repository" data-plural-suffix="users starred this repository" data-pjax-replace="true" title="33,636" data-view-component="true" class="Counter js-social-count">33.6k</span>
</button></form>
<form class="unstarred js-social-form BtnGroup-parent flex-auto" action="/swisskyrepo/PayloadsAllTheThings/star" accept-charset="UTF-8" method="post"><input type="hidden" name="authenticity_token" value="4C4LMkv-5WT_8qLps07hdx8xLxN2Xz0dFmnzSElje9w5GOcBJEKHemMHJyzJiBQBnO7HZfLwVhGIGhl4wlBj_g" autocomplete="off" />
<input type="hidden" name="context" value="repository">
<button data-hydro-click="{"event_type":"repository.click","payload":{"target":"STAR_BUTTON","repository_id":71220757,"originating_url":"https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/XSS%20Injection/Files/SVG_XSS.svg","user_id":77883099}}" data-hydro-click-hmac="b7f2ddea39bcfb05842ea4c4211a550683d112471fffd36766fba47e353e46ec" data-ga-click="Repository, click star button, action:blob#show; text:Star" aria-label="Star this repository" type="submit" data-view-component="true" class="js-toggler-target rounded-left-2 btn-sm btn BtnGroup-item"> <svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-star d-inline-block mr-2">
<path fill-rule="evenodd" d="M8 .25a.75.75 0 01.673.418l1.882 3.815 4.21.612a.75.75 0 01.416 1.279l-3.046 2.97.719 4.192a.75.75 0 01-1.088.791L8 12.347l-3.766 1.98a.75.75 0 01-1.088-.79l.72-4.194L.818 6.374a.75.75 0 01.416-1.28l4.21-.611L7.327.668A.75.75 0 018 .25zm0 2.445L6.615 5.5a.75.75 0 01-.564.41l-3.097.45 2.24 2.184a.75.75 0 01.216.664l-.528 3.084 2.769-1.456a.75.75 0 01.698 0l2.77 1.456-.53-3.084a.75.75 0 01.216-.664l2.24-2.183-3.096-.45a.75.75 0 01-.564-.41L8 2.694v.001z"></path>
</svg><span data-view-component="true" class="d-inline">
Star
</span> <span id="repo-stars-counter-star" aria-label="33636 users starred this repository" data-singular-suffix="user starred this repository" data-plural-suffix="users starred this repository" data-pjax-replace="true" title="33,636" data-view-component="true" class="Counter js-social-count">33.6k</span>
</button></form>
<details id="details-59da93" data-view-component="true" class="details-reset details-overlay BtnGroup-parent js-user-list-menu d-inline-block position-relative">
<summary aria-label="Add this repository to a list" data-view-component="true" class="btn-sm btn BtnGroup-item px-2 float-none"> <svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-triangle-down">
<path d="M4.427 7.427l3.396 3.396a.25.25 0 00.354 0l3.396-3.396A.25.25 0 0011.396 7H4.604a.25.25 0 00-.177.427z"></path>
</svg>
</summary> <template class="js-user-list-create-dialog-template" data-label="Create list">
<div class="Box-header">
<h2 class="Box-title">Create list</h2>
</div>
<form class="Box-body d-flex flex-column p-3 js-user-list-form" action="/stars/shubh123-tri/lists" accept-charset="UTF-8" method="post"><input type="hidden" name="authenticity_token" value="2EItT83KP6fMRw3BqdACIruU4bigd9HRnwrT588P2MwkduJkxovCw9ALJvdSTczpog0UDm-4CgaVnJwi0AuoXw" autocomplete="off" />
<p class="color-fg-subtle mb-3">Create a list to organize your starred repositories.</p>
<input type="hidden" name="repository_id" value="{{ repositoryId }}">
<div class="form-group mx-0 mt-0 mb-2 js-user-list-input-container js-characters-remaining-container position-relative">
<auto-check src="/stars/shubh123-tri/list-check?attr=name" required>
<text-expander keys=":" data-emoji-url="/autocomplete/emoji">
<input
type="text"
name="user_list[name]"
class="form-control js-user-list-input js-characters-remaining-field"
placeholder="âï¸ Name this list"
value=""
aria-label="List name"
maxlength="32"
data-maxlength="32"
autofocus
required
>
</text-expander>
<input type="hidden" value="RVm4-gUYxhKkdXiWKjSxlGIbZyqOrdDV-h_Qvt0JUV1urr55CLWumNMWNOybmWDOaemEMy6naqvJwzH_R8jIiw" data-csrf="true" />
</auto-check>
<p
class="note error position-relative js-user-list-error"
hidden
>
Name .
</p>
<p class="mt-1 text-small float-right js-characters-remaining" data-suffix="remaining" hidden>
32 remaining
</p>
</div>
<div class="form-group mx-0 mt-0 mb-2 js-user-list-input-container js-characters-remaining-container position-relative">
<text-expander keys=":" data-emoji-url="/autocomplete/emoji">
<textarea
name="user_list[description]"
class="form-control js-user-list-input js-characters-remaining-field"
placeholder="Write a description"
aria-label="List description"
maxlength="160"
data-maxlength="160"
style="height: 74px; min-height: 74px"
></textarea>
</text-expander>
<p
class="note error position-relative js-user-list-error"
hidden
>
Description .
</p>
<p class="mt-1 text-small float-right js-characters-remaining" data-suffix="remaining" hidden>
160 remaining
</p>
</div>
<div hidden="hidden" data-generic-message="Unable to save your list at this time." data-view-component="true" class="js-user-list-base flash flash-error mx-0 mt-0 mb-2">
.
</div> <button disabled="disabled" data-disable-invalid="true" data-submitting-message="Creating..." type="submit" data-view-component="true" class="btn-primary btn btn-block mt-2"> Create
</button>
<p class="note mt-2 mb-0">
<strong>Tip:</strong> type <code>:</code> to add emoji to the name or description.
</p>
</form>
<div data-view-component="true" class="Box-footer Box-row--gray text-small color-fg-muted d-flex flex-items-baseline py-2">
<span title="Feature Release Label: Beta" aria-label="Feature Release Label: Beta" data-view-component="true" class="Label Label--success Label--inline px-2 mr-2">Beta</span>
<span class="mr-1">Lists are currently in beta.</span>
<a href="/github/feedback/discussions/categories/lists-feedback">Share feedback and report bugs.</a>
</div>
</template>
<details-menu
class="SelectMenu right-0"
src="/swisskyrepo/PayloadsAllTheThings/lists"
role="menu"
>
<div class="SelectMenu-modal">
<button class="SelectMenu-closeButton position-absolute right-0 m-2" type="button" aria-label="Close menu" data-toggle-for="details-59da93">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-x">
<path fill-rule="evenodd" d="M3.72 3.72a.75.75 0 011.06 0L8 6.94l3.22-3.22a.75.75 0 111.06 1.06L9.06 8l3.22 3.22a.75.75 0 11-1.06 1.06L8 9.06l-3.22 3.22a.75.75 0 01-1.06-1.06L6.94 8 3.72 4.78a.75.75 0 010-1.06z"></path>
</svg>
</button>
<div
id="filter-menu-59da93"
class="d-flex flex-column flex-1 overflow-hidden"
>
<div
class="SelectMenu-list"
>
<include-fragment class="SelectMenu-loading" aria-label="Loading">
<svg style="box-sizing: content-box; color: var(--color-icon-primary);" width="32" height="32" viewBox="0 0 16 16" fill="none" data-view-component="true" class="anim-rotate">
<circle cx="8" cy="8" r="7" stroke="currentColor" stroke-opacity="0.25" stroke-width="2" vector-effect="non-scaling-stroke" />
<path d="M15 8a7.002 7.002 0 00-7-7" stroke="currentColor" stroke-width="2" stroke-linecap="round" vector-effect="non-scaling-stroke" />
</svg>
</include-fragment>
</div>
</div>
</div>
</details-menu>
</details>
</div>
</li>
<li>
</li>
</ul>
</div>
<div id="responsive-meta-container" data-pjax-replace>
</div>
<nav data-pjax="#js-repo-pjax-container" aria-label="Repository" data-view-component="true" class="js-repo-nav js-sidenav-container-pjax js-responsive-underlinenav overflow-hidden UnderlineNav px-3 px-md-4 px-lg-5">
<ul data-view-component="true" class="UnderlineNav-body list-style-none">
<li data-view-component="true" class="d-inline-flex">
<a id="code-tab" href="/swisskyrepo/PayloadsAllTheThings" data-tab-item="i0code-tab" data-selected-links="repo_source repo_downloads repo_commits repo_releases repo_tags repo_branches repo_packages repo_deployments /swisskyrepo/PayloadsAllTheThings" data-pjax="#repo-content-pjax-container" data-hotkey="g c" data-ga-click="Repository, Navigation click, Code tab" aria-current="page" data-view-component="true" class="UnderlineNav-item hx_underlinenav-item no-wrap js-responsive-underlinenav-item js-selected-navigation-item selected">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-code UnderlineNav-octicon d-none d-sm-inline">
<path fill-rule="evenodd" d="M4.72 3.22a.75.75 0 011.06 1.06L2.06 8l3.72 3.72a.75.75 0 11-1.06 1.06L.47 8.53a.75.75 0 010-1.06l4.25-4.25zm6.56 0a.75.75 0 10-1.06 1.06L13.94 8l-3.72 3.72a.75.75 0 101.06 1.06l4.25-4.25a.75.75 0 000-1.06l-4.25-4.25z"></path>
</svg>
<span data-content="Code">Code</span>
<span id="code-repo-tab-count" data-pjax-replace="" title="Not available" data-view-component="true" class="Counter"></span>
</a></li>
<li data-view-component="true" class="d-inline-flex">
<a id="pull-requests-tab" href="/swisskyrepo/PayloadsAllTheThings/pulls" data-tab-item="i1pull-requests-tab" data-selected-links="repo_pulls checks /swisskyrepo/PayloadsAllTheThings/pulls" data-pjax="#repo-content-pjax-container" data-hotkey="g p" data-ga-click="Repository, Navigation click, Pull requests tab" data-view-component="true" class="UnderlineNav-item hx_underlinenav-item no-wrap js-responsive-underlinenav-item js-selected-navigation-item">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-git-pull-request UnderlineNav-octicon d-none d-sm-inline">
<path fill-rule="evenodd" d="M7.177 3.073L9.573.677A.25.25 0 0110 .854v4.792a.25.25 0 01-.427.177L7.177 3.427a.25.25 0 010-.354zM3.75 2.5a.75.75 0 100 1.5.75.75 0 000-1.5zm-2.25.75a2.25 2.25 0 113 2.122v5.256a2.251 2.251 0 11-1.5 0V5.372A2.25 2.25 0 011.5 3.25zM11 2.5h-1V4h1a1 1 0 011 1v5.628a2.251 2.251 0 101.5 0V5A2.5 2.5 0 0011 2.5zm1 10.25a.75.75 0 111.5 0 .75.75 0 01-1.5 0zM3.75 12a.75.75 0 100 1.5.75.75 0 000-1.5z"></path>
</svg>
<span data-content="Pull requests">Pull requests</span>
<span id="pull-requests-repo-tab-count" data-pjax-replace="" title="6" data-view-component="true" class="Counter">6</span>
</a></li>
<li data-view-component="true" class="d-inline-flex">
<a id="projects-tab" href="/swisskyrepo/PayloadsAllTheThings/projects?type=beta" data-tab-item="i2projects-tab" data-selected-links="repo_projects new_repo_project repo_project /swisskyrepo/PayloadsAllTheThings/projects?type=beta" data-pjax="#repo-content-pjax-container" data-hotkey="g b" data-ga-click="Repository, Navigation click, Projects tab" data-view-component="true" class="UnderlineNav-item hx_underlinenav-item no-wrap js-responsive-underlinenav-item js-selected-navigation-item">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-table UnderlineNav-octicon d-none d-sm-inline">
<path fill-rule="evenodd" d="M0 1.75C0 .784.784 0 1.75 0h12.5C15.216 0 16 .784 16 1.75v3.585a.746.746 0 010 .83v8.085A1.75 1.75 0 0114.25 16H6.309a.748.748 0 01-1.118 0H1.75A1.75 1.75 0 010 14.25V6.165a.746.746 0 010-.83V1.75zM1.5 6.5v7.75c0 .138.112.25.25.25H5v-8H1.5zM5 5H1.5V1.75a.25.25 0 01.25-.25H5V5zm1.5 1.5v8h7.75a.25.25 0 00.25-.25V6.5h-8zm8-1.5h-8V1.5h7.75a.25.25 0 01.25.25V5z"></path>
</svg>
<span data-content="Projects">Projects</span>
<span id="projects-repo-tab-count" data-pjax-replace="" title="0" hidden="hidden" data-view-component="true" class="Counter">0</span>
</a></li>
<li data-view-component="true" class="d-inline-flex">
<a id="security-tab" href="/swisskyrepo/PayloadsAllTheThings/security" data-tab-item="i3security-tab" data-selected-links="security overview alerts policy token_scanning code_scanning /swisskyrepo/PayloadsAllTheThings/security" data-pjax="#repo-content-pjax-container" data-hotkey="g s" data-ga-click="Repository, Navigation click, Security tab" data-view-component="true" class="UnderlineNav-item hx_underlinenav-item no-wrap js-responsive-underlinenav-item js-selected-navigation-item">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-shield UnderlineNav-octicon d-none d-sm-inline">
<path fill-rule="evenodd" d="M7.467.133a1.75 1.75 0 011.066 0l5.25 1.68A1.75 1.75 0 0115 3.48V7c0 1.566-.32 3.182-1.303 4.682-.983 1.498-2.585 2.813-5.032 3.855a1.7 1.7 0 01-1.33 0c-2.447-1.042-4.049-2.357-5.032-3.855C1.32 10.182 1 8.566 1 7V3.48a1.75 1.75 0 011.217-1.667l5.25-1.68zm.61 1.429a.25.25 0 00-.153 0l-5.25 1.68a.25.25 0 00-.174.238V7c0 1.358.275 2.666 1.057 3.86.784 1.194 2.121 2.34 4.366 3.297a.2.2 0 00.154 0c2.245-.956 3.582-2.104 4.366-3.298C13.225 9.666 13.5 8.36 13.5 7V3.48a.25.25 0 00-.174-.237l-5.25-1.68zM9 10.5a1 1 0 11-2 0 1 1 0 012 0zm-.25-5.75a.75.75 0 10-1.5 0v3a.75.75 0 001.5 0v-3z"></path>
</svg>
<span data-content="Security">Security</span>
<include-fragment src="/swisskyrepo/PayloadsAllTheThings/security/overall-count" accept="text/fragment+html"></include-fragment>
</a></li>
<li data-view-component="true" class="d-inline-flex">
<a id="insights-tab" href="/swisskyrepo/PayloadsAllTheThings/pulse" data-tab-item="i4insights-tab" data-selected-links="repo_graphs repo_contributors dependency_graph dependabot_updates pulse people community /swisskyrepo/PayloadsAllTheThings/pulse" data-pjax="#repo-content-pjax-container" data-ga-click="Repository, Navigation click, Insights tab" data-view-component="true" class="UnderlineNav-item hx_underlinenav-item no-wrap js-responsive-underlinenav-item js-selected-navigation-item">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-graph UnderlineNav-octicon d-none d-sm-inline">
<path fill-rule="evenodd" d="M1.5 1.75a.75.75 0 00-1.5 0v12.5c0 .414.336.75.75.75h14.5a.75.75 0 000-1.5H1.5V1.75zm14.28 2.53a.75.75 0 00-1.06-1.06L10 7.94 7.53 5.47a.75.75 0 00-1.06 0L3.22 8.72a.75.75 0 001.06 1.06L7 7.06l2.47 2.47a.75.75 0 001.06 0l5.25-5.25z"></path>
</svg>
<span data-content="Insights">Insights</span>
<span id="insights-repo-tab-count" data-pjax-replace="" title="Not available" data-view-component="true" class="Counter"></span>
</a></li>
</ul>
<div style="visibility:hidden;" data-view-component="true" class="UnderlineNav-actions js-responsive-underlinenav-overflow position-absolute pr-3 pr-md-4 pr-lg-5 right-0"> <details data-view-component="true" class="details-overlay details-reset position-relative">
<summary role="button" data-view-component="true"> <div class="UnderlineNav-item mr-0 border-0">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-kebab-horizontal">
<path d="M8 9a1.5 1.5 0 100-3 1.5 1.5 0 000 3zM1.5 9a1.5 1.5 0 100-3 1.5 1.5 0 000 3zm13 0a1.5 1.5 0 100-3 1.5 1.5 0 000 3z"></path>
</svg>
<span class="sr-only">More</span>
</div>
</summary>
<div data-view-component="true"> <details-menu role="menu" data-view-component="true" class="dropdown-menu dropdown-menu-sw">
<ul>
<li data-menu-item="i0code-tab" hidden>
<a role="menuitem" class="js-selected-navigation-item selected dropdown-item" aria-current="page" data-selected-links="repo_source repo_downloads repo_commits repo_releases repo_tags repo_branches repo_packages repo_deployments /swisskyrepo/PayloadsAllTheThings" href="/swisskyrepo/PayloadsAllTheThings">
Code
</a> </li>
<li data-menu-item="i1pull-requests-tab" hidden>
<a role="menuitem" class="js-selected-navigation-item dropdown-item" data-selected-links="repo_pulls checks /swisskyrepo/PayloadsAllTheThings/pulls" href="/swisskyrepo/PayloadsAllTheThings/pulls">
Pull requests
</a> </li>
<li data-menu-item="i2projects-tab" hidden>
<a role="menuitem" class="js-selected-navigation-item dropdown-item" data-selected-links="repo_projects new_repo_project repo_project /swisskyrepo/PayloadsAllTheThings/projects?type=beta" href="/swisskyrepo/PayloadsAllTheThings/projects?type=beta">
Projects
</a> </li>
<li data-menu-item="i3security-tab" hidden>
<a role="menuitem" class="js-selected-navigation-item dropdown-item" data-selected-links="security overview alerts policy token_scanning code_scanning /swisskyrepo/PayloadsAllTheThings/security" href="/swisskyrepo/PayloadsAllTheThings/security">
Security
</a> </li>
<li data-menu-item="i4insights-tab" hidden>
<a role="menuitem" class="js-selected-navigation-item dropdown-item" data-selected-links="repo_graphs repo_contributors dependency_graph dependabot_updates pulse people community /swisskyrepo/PayloadsAllTheThings/pulse" href="/swisskyrepo/PayloadsAllTheThings/pulse">
Insights
</a> </li>
</ul>
</details-menu></div>
</details></div>
</nav>
</div>
<div class="clearfix new-discussion-timeline container-xl px-3 px-md-4 px-lg-5">
<div id="repo-content-pjax-container" class="repository-content " >
<a href="https://github.dev/" class="d-none js-github-dev-shortcut" data-hotkey=".">Open in github.dev</a>
<a href="https://github.dev/" class="d-none js-github-dev-new-tab-shortcut" data-hotkey="Shift+.,Shift+>,>" target="_blank">Open in a new github.dev tab</a>
<div>
<a class="d-none js-permalink-shortcut" data-hotkey="y" href="/swisskyrepo/PayloadsAllTheThings/blob/f107a32f1f386a43c7952ce9bf7676d48659cab0/XSS%20Injection/Files/SVG_XSS.svg">Permalink</a>
<div class="d-flex flex-items-start flex-shrink-0 pb-3 flex-wrap flex-md-nowrap flex-justify-between flex-md-justify-start">
<div class="position-relative">
<details class="details-reset details-overlay mr-0 mb-0 " id="branch-select-menu">
<summary class="btn css-truncate"
data-hotkey="w"
title="Switch branches or tags">
<svg text="gray" aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-git-branch">
<path fill-rule="evenodd" d="M11.75 2.5a.75.75 0 100 1.5.75.75 0 000-1.5zm-2.25.75a2.25 2.25 0 113 2.122V6A2.5 2.5 0 0110 8.5H6a1 1 0 00-1 1v1.128a2.251 2.251 0 11-1.5 0V5.372a2.25 2.25 0 111.5 0v1.836A2.492 2.492 0 016 7h4a1 1 0 001-1v-.628A2.25 2.25 0 019.5 3.25zM4.25 12a.75.75 0 100 1.5.75.75 0 000-1.5zM3.5 3.25a.75.75 0 111.5 0 .75.75 0 01-1.5 0z"></path>
</svg>
<span class="css-truncate-target" data-menu-button>master</span>
<span class="dropdown-caret"></span>
</summary>
<div class="SelectMenu">
<div class="SelectMenu-modal">
<header class="SelectMenu-header">
<span class="SelectMenu-title">Switch branches/tags</span>
<button class="SelectMenu-closeButton" type="button" data-toggle-for="branch-select-menu"><svg aria-label="Close menu" aria-hidden="false" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-x">
<path fill-rule="evenodd" d="M3.72 3.72a.75.75 0 011.06 0L8 6.94l3.22-3.22a.75.75 0 111.06 1.06L9.06 8l3.22 3.22a.75.75 0 11-1.06 1.06L8 9.06l-3.22 3.22a.75.75 0 01-1.06-1.06L6.94 8 3.72 4.78a.75.75 0 010-1.06z"></path>
</svg></button>
</header>
<input-demux data-action="tab-container-change:input-demux#storeInput tab-container-changed:input-demux#updateInput">
<tab-container class="d-flex flex-column js-branches-tags-tabs" style="min-height: 0;">
<div class="SelectMenu-filter">
<input data-target="input-demux.source"
id="context-commitish-filter-field"
class="SelectMenu-input form-control"
aria-owns="ref-list-branches"
data-controls-ref-menu-id="ref-list-branches"
autofocus
autocomplete="off"
aria-label="Filter branches/tags"
placeholder="Filter branches/tags"
type="text"
>
</div>
<div class="SelectMenu-tabs" role="tablist" data-target="input-demux.control" >
<button class="SelectMenu-tab" type="button" role="tab" aria-selected="true">Branches</button>
<button class="SelectMenu-tab" type="button" role="tab">Tags</button>
</div>
<div role="tabpanel" id="ref-list-branches" data-filter-placeholder="Filter branches/tags" tabindex="" class="d-flex flex-column flex-auto overflow-auto">
<ref-selector
type="branch"
data-targets="input-demux.sinks"
data-action="
input-entered:ref-selector#inputEntered
tab-selected:ref-selector#tabSelected
focus-list:ref-selector#focusFirstListMember
"
query-endpoint="/swisskyrepo/PayloadsAllTheThings/refs"
cache-key="v0:1633899128.079813"
current-committish="bWFzdGVy"
default-branch="bWFzdGVy"
name-with-owner="c3dpc3NreXJlcG8vUGF5bG9hZHNBbGxUaGVUaGluZ3M="
prefetch-on-mouseover
>
<template data-target="ref-selector.fetchFailedTemplate">
<div class="SelectMenu-message" data-index="{{ index }}">Could not load branches</div>
</template>
<template data-target="ref-selector.noMatchTemplate">
<div class="SelectMenu-message">Nothing to show</div>
</template>
<!-- TODO: this max-height is necessary or else the branch list won't scroll. why? -->
<div data-target="ref-selector.listContainer" role="menu" class="SelectMenu-list " style="max-height: 330px" data-pjax="#repo-content-pjax-container">
<div class="SelectMenu-loading pt-3 pb-0 overflow-hidden" aria-label="Menu is loading">
<svg style="box-sizing: content-box; color: var(--color-icon-primary);" width="32" height="32" viewBox="0 0 16 16" fill="none" data-view-component="true" class="anim-rotate">
<circle cx="8" cy="8" r="7" stroke="currentColor" stroke-opacity="0.25" stroke-width="2" vector-effect="non-scaling-stroke" />
<path d="M15 8a7.002 7.002 0 00-7-7" stroke="currentColor" stroke-width="2" stroke-linecap="round" vector-effect="non-scaling-stroke" />
</svg>
</div>
</div>
<template data-target="ref-selector.itemTemplate">
<a href="https://github.com/swisskyrepo/PayloadsAllTheThings/blob/{{ urlEncodedRefName }}/XSS%20Injection/Files/SVG_XSS.svg" class="SelectMenu-item" role="menuitemradio" rel="nofollow" aria-checked="{{ isCurrent }}" data-index="{{ index }}">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-check SelectMenu-icon SelectMenu-icon--check">
<path fill-rule="evenodd" d="M13.78 4.22a.75.75 0 010 1.06l-7.25 7.25a.75.75 0 01-1.06 0L2.22 9.28a.75.75 0 011.06-1.06L6 10.94l6.72-6.72a.75.75 0 011.06 0z"></path>
</svg>
<span class="flex-1 css-truncate css-truncate-overflow {{ isFilteringClass }}">{{ refName }}</span>
<span hidden="{{ isNotDefault }}" class="Label Label--secondary flex-self-start">default</span>
</a>
</template>
<footer class="SelectMenu-footer"><a href="/swisskyrepo/PayloadsAllTheThings/branches">View all branches</a></footer>
</ref-selector>
</div>
<div role="tabpanel" id="tags-menu" data-filter-placeholder="Find a tag" tabindex="" hidden class="d-flex flex-column flex-auto overflow-auto">
<ref-selector
type="tag"
data-action="
input-entered:ref-selector#inputEntered
tab-selected:ref-selector#tabSelected
focus-list:ref-selector#focusFirstListMember
"
data-targets="input-demux.sinks"
query-endpoint="/swisskyrepo/PayloadsAllTheThings/refs"
cache-key="v0:1633899128.079813"
current-committish="bWFzdGVy"
default-branch="bWFzdGVy"
name-with-owner="c3dpc3NreXJlcG8vUGF5bG9hZHNBbGxUaGVUaGluZ3M="
>
<template data-target="ref-selector.fetchFailedTemplate">
<div class="SelectMenu-message" data-index="{{ index }}">Could not load tags</div>
</template>
<template data-target="ref-selector.noMatchTemplate">
<div class="SelectMenu-message" data-index="{{ index }}">Nothing to show</div>
</template>
<template data-target="ref-selector.itemTemplate">
<a href="https://github.com/swisskyrepo/PayloadsAllTheThings/blob/{{ urlEncodedRefName }}/XSS%20Injection/Files/SVG_XSS.svg" class="SelectMenu-item" role="menuitemradio" rel="nofollow" aria-checked="{{ isCurrent }}" data-index="{{ index }}">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-check SelectMenu-icon SelectMenu-icon--check">
<path fill-rule="evenodd" d="M13.78 4.22a.75.75 0 010 1.06l-7.25 7.25a.75.75 0 01-1.06 0L2.22 9.28a.75.75 0 011.06-1.06L6 10.94l6.72-6.72a.75.75 0 011.06 0z"></path>
</svg>
<span class="flex-1 css-truncate css-truncate-overflow {{ isFilteringClass }}">{{ refName }}</span>
<span hidden="{{ isNotDefault }}" class="Label Label--secondary flex-self-start">default</span>
</a>
</template>
<div data-target="ref-selector.listContainer" role="menu" class="SelectMenu-list" style="max-height: 330px" data-pjax="#repo-content-pjax-container">
<div class="SelectMenu-loading pt-3 pb-0 overflow-hidden" aria-label="Menu is loading">
<svg style="box-sizing: content-box; color: var(--color-icon-primary);" width="32" height="32" viewBox="0 0 16 16" fill="none" data-view-component="true" class="anim-rotate">
<circle cx="8" cy="8" r="7" stroke="currentColor" stroke-opacity="0.25" stroke-width="2" vector-effect="non-scaling-stroke" />
<path d="M15 8a7.002 7.002 0 00-7-7" stroke="currentColor" stroke-width="2" stroke-linecap="round" vector-effect="non-scaling-stroke" />
</svg>
</div>
</div>
<footer class="SelectMenu-footer"><a href="/swisskyrepo/PayloadsAllTheThings/tags">View all tags</a></footer>
</ref-selector>
</div>
</tab-container>
</input-demux>
</div>
</div>
</details>
</div>
<h2 id="blob-path" class="breadcrumb flex-auto flex-self-center min-width-0 text-normal mx-2 width-full width-md-auto flex-order-1 flex-md-order-none mt-3 mt-md-0">
<span class="js-repo-root text-bold"><span class="js-path-segment d-inline-block wb-break-all"><a data-pjax="#repo-content-pjax-container" href="/swisskyrepo/PayloadsAllTheThings"><span>PayloadsAllTheThings</span></a></span></span><span class="separator">/</span><span class="js-path-segment d-inline-block wb-break-all"><a data-pjax="#repo-content-pjax-container" href="/swisskyrepo/PayloadsAllTheThings/tree/master/XSS%20Injection"><span>XSS Injection</span></a></span><span class="separator">/</span><span class="js-path-segment d-inline-block wb-break-all"><a data-pjax="#repo-content-pjax-container" href="/swisskyrepo/PayloadsAllTheThings/tree/master/XSS%20Injection/Files"><span>Files</span></a></span><span class="separator">/</span><strong class="final-path">SVG_XSS.svg</strong>
</h2>
<a href="/swisskyrepo/PayloadsAllTheThings/find/master"
class="js-pjax-capture-input btn mr-2 d-none d-md-block"
data-pjax
data-hotkey="t">
Go to file
</a>
<details id="blob-more-options-details" data-view-component="true" class="details-overlay details-reset position-relative">
<summary role="button" data-view-component="true" class="btn"> <svg aria-label="More options" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-kebab-horizontal">
<path d="M8 9a1.5 1.5 0 100-3 1.5 1.5 0 000 3zM1.5 9a1.5 1.5 0 100-3 1.5 1.5 0 000 3zm13 0a1.5 1.5 0 100-3 1.5 1.5 0 000 3z"></path>
</svg>
</summary>
<div data-view-component="true"> <ul class="dropdown-menu dropdown-menu-sw">
<li class="d-block d-md-none">
<a class="dropdown-item d-flex flex-items-baseline" data-hydro-click="{"event_type":"repository.click","payload":{"target":"FIND_FILE_BUTTON","repository_id":71220757,"originating_url":"https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/XSS%20Injection/Files/SVG_XSS.svg","user_id":77883099}}" data-hydro-click-hmac="b8fc5a87a0e3e64367414d2339a5642a9126545ab05d46a22f83c80a6663b688" data-ga-click="Repository, find file, location:repo overview" data-hotkey="t" data-pjax="true" href="/swisskyrepo/PayloadsAllTheThings/find/master">
<span class="flex-auto">Go to file</span>
<span class="text-small color-fg-muted" aria-hidden="true">T</span>
</a> </li>
<li data-toggle-for="blob-more-options-details">
<button data-toggle-for="jumpto-line-details-dialog" type="button" data-view-component="true" class="dropdown-item btn-link"> <span class="d-flex flex-items-baseline">
<span class="flex-auto">Go to line</span>
<span class="text-small color-fg-muted" aria-hidden="true">L</span>
</span>
</button> </li>
<li class="dropdown-divider" role="none"></li>
<li>
<clipboard-copy data-toggle-for="blob-more-options-details" aria-label="Copy path" value="XSS Injection/Files/SVG_XSS.svg" data-view-component="true" class="dropdown-item cursor-pointer">
Copy path
</clipboard-copy> </li>
<li>
<clipboard-copy data-toggle-for="blob-more-options-details" aria-label="Copy permalink" value="https://github.com/swisskyrepo/PayloadsAllTheThings/blob/f107a32f1f386a43c7952ce9bf7676d48659cab0/XSS%20Injection/Files/SVG_XSS.svg" data-view-component="true" class="dropdown-item cursor-pointer">
<span class="d-flex flex-items-baseline">
<span class="flex-auto">Copy permalink</span>
</span>
</clipboard-copy> </li>
</ul>
</div>
</details> </div>
<div class="Box d-flex flex-column flex-shrink-0 mb-3">
<include-fragment src="/swisskyrepo/PayloadsAllTheThings/contributors/master/XSS%20Injection/Files/SVG_XSS.svg" class="commit-loader">
<div class="Box-header d-flex flex-items-center">
<div class="Skeleton avatar avatar-user flex-shrink-0 ml-n1 mr-n1 mt-n1 mb-n1" style="width:24px;height:24px;"></div>
<div class="Skeleton Skeleton--text col-5 ml-2"> </div>
</div>
<div class="Box-body d-flex flex-items-center" >
<div class="Skeleton Skeleton--text col-1"> </div>
<span class="color-fg-danger h6 loader-error">Cannot retrieve contributors at this time</span>
</div>
</include-fragment> </div>
<div data-target="readme-toc.content" class="Box mt-3 position-relative">
<div
class="Box-header js-blob-header py-2 pr-2 d-flex flex-shrink-0 flex-md-row flex-items-center"
>
<div class="text-mono f6 flex-auto pr-3 flex-order-2 flex-md-order-1">
9 lines (8 sloc)
<span class="file-info-divider"></span>
379 Bytes
</div>
<div class="d-flex py-1 py-md-0 flex-auto flex-order-1 flex-md-order-2 flex-sm-grow-0 flex-justify-between hide-sm hide-md">
<div class="BtnGroup">
<a href="/swisskyrepo/PayloadsAllTheThings/blob/master/XSS%20Injection/Files/SVG_XSS.svg?short_path=1b8329b" data-permalink-href="/swisskyrepo/PayloadsAllTheThings/blob/f107a32f1f386a43c7952ce9bf7676d48659cab0/XSS%20Injection/Files/SVG_XSS.svg?short_path=1b8329b" aria-label="Display the source blob" data-view-component="true" class="source tooltipped tooltipped tooltipped-n js-permalink-replaceable-link btn-sm btn BtnGroup-item"> <svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-code">
<path fill-rule="evenodd" d="M4.72 3.22a.75.75 0 011.06 1.06L2.06 8l3.72 3.72a.75.75 0 11-1.06 1.06L.47 8.53a.75.75 0 010-1.06l4.25-4.25zm6.56 0a.75.75 0 10-1.06 1.06L13.94 8l-3.72 3.72a.75.75 0 101.06 1.06l4.25-4.25a.75.75 0 000-1.06l-4.25-4.25z"></path>
</svg>
</a> <a href="/swisskyrepo/PayloadsAllTheThings/blob/master/XSS%20Injection/Files/SVG_XSS.svg" data-permalink-href="/swisskyrepo/PayloadsAllTheThings/blob/f107a32f1f386a43c7952ce9bf7676d48659cab0/XSS%20Injection/Files/SVG_XSS.svg" aria-label="Display the rendered blob" data-view-component="true" class="rendered tooltipped tooltipped tooltipped-n selected js-permalink-replaceable-link btn-sm btn BtnGroup-item"> <svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-file">
<path fill-rule="evenodd" d="M3.75 1.5a.25.25 0 00-.25.25v11.5c0 .138.112.25.25.25h8.5a.25.25 0 00.25-.25V6H9.75A1.75 1.75 0 018 4.25V1.5H3.75zm5.75.56v2.19c0 .138.112.25.25.25h2.19L9.5 2.06zM2 1.75C2 .784 2.784 0 3.75 0h5.086c.464 0 .909.184 1.237.513l3.414 3.414c.329.328.513.773.513 1.237v8.086A1.75 1.75 0 0112.25 15h-8.5A1.75 1.75 0 012 13.25V1.75z"></path>
</svg>
</a> </div>
<div class="BtnGroup">
<a href="/swisskyrepo/PayloadsAllTheThings/raw/master/XSS%20Injection/Files/SVG_XSS.svg" id="raw-url" data-view-component="true" class="btn-sm btn BtnGroup-item"> Raw
</a>
<a href="/swisskyrepo/PayloadsAllTheThings/blame/master/XSS%20Injection/Files/SVG_XSS.svg" data-hotkey="b" data-view-component="true" class="js-update-url-with-hash btn-sm btn BtnGroup-item"> Blame
</a>
</div>
<div>
<a class="btn-octicon tooltipped tooltipped-nw js-remove-unless-platform"
data-platforms="windows,mac"
href="https://desktop.github.com"
aria-label="Open this file in GitHub Desktop"
data-ga-click="Repository, open with desktop">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-device-desktop">
<path fill-rule="evenodd" d="M1.75 2.5h12.5a.25.25 0 01.25.25v7.5a.25.25 0 01-.25.25H1.75a.25.25 0 01-.25-.25v-7.5a.25.25 0 01.25-.25zM14.25 1H1.75A1.75 1.75 0 000 2.75v7.5C0 11.216.784 12 1.75 12h3.727c-.1 1.041-.52 1.872-1.292 2.757A.75.75 0 004.75 16h6.5a.75.75 0 00.565-1.243c-.772-.885-1.193-1.716-1.292-2.757h3.727A1.75 1.75 0 0016 10.25v-7.5A1.75 1.75 0 0014.25 1zM9.018 12H6.982a5.72 5.72 0 01-.765 2.5h3.566a5.72 5.72 0 01-.765-2.5z"></path>
</svg>
</a>
<remote-clipboard-copy class="d-inline-block btn-octicon" style="height: 26px" data-src="/swisskyrepo/PayloadsAllTheThings/raw/master/XSS%20Injection/Files/SVG_XSS.svg" data-action="click:remote-clipboard-copy#remoteCopy">
<span data-target="remote-clipboard-copy.idle"> <span class="tooltipped tooltipped-nw cursor-pointer" data-hydro-click="{"event_type":"repository.click","payload":{"target":"COPY_RAW_CONTENTS_BUTTON","repository_id":71220757,"originating_url":"https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/XSS%20Injection/Files/SVG_XSS.svg","user_id":77883099}}" data-hydro-click-hmac="a7a1dfde1b7cd117a4d259625f0fd76d8ec9a6517c37e8d88c50654485b177b1" aria-label="Copy raw contents">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-copy">
<path fill-rule="evenodd" d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 010 1.5h-1.5a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-1.5a.75.75 0 011.5 0v1.5A1.75 1.75 0 019.25 16h-7.5A1.75 1.75 0 010 14.25v-7.5z"></path><path fill-rule="evenodd" d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0114.25 11h-7.5A1.75 1.75 0 015 9.25v-7.5zm1.75-.25a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-7.5a.25.25 0 00-.25-.25h-7.5z"></path>
</svg>
</span></span>
<span data-target="remote-clipboard-copy.fetching" hidden="hidden"> <svg style="box-sizing: content-box; color: var(--color-icon-primary);" width="16" height="16" viewBox="0 0 16 16" fill="none" data-view-component="true" class="anim-rotate">
<circle cx="8" cy="8" r="7" stroke="currentColor" stroke-opacity="0.25" stroke-width="2" vector-effect="non-scaling-stroke" />
<path d="M15 8a7.002 7.002 0 00-7-7" stroke="currentColor" stroke-width="2" stroke-linecap="round" vector-effect="non-scaling-stroke" />
</svg>
</span>
<span data-target="remote-clipboard-copy.success" hidden="hidden"> <span class="tooltipped tooltipped-nw" aria-label="Copied!">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-check color-fg-success">
<path fill-rule="evenodd" d="M13.78 4.22a.75.75 0 010 1.06l-7.25 7.25a.75.75 0 01-1.06 0L2.22 9.28a.75.75 0 011.06-1.06L6 10.94l6.72-6.72a.75.75 0 011.06 0z"></path>
</svg>
</span>
</span>
<span data-target="remote-clipboard-copy.error" hidden="hidden"> <span class="tooltipped tooltipped-nw" aria-label="Something went wrong. Try again.">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-alert color-fg-attention">
<path fill-rule="evenodd" d="M8.22 1.754a.25.25 0 00-.44 0L1.698 13.132a.25.25 0 00.22.368h12.164a.25.25 0 00.22-.368L8.22 1.754zm-1.763-.707c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0114.082 15H1.918a1.75 1.75 0 01-1.543-2.575L6.457 1.047zM9 11a1 1 0 11-2 0 1 1 0 012 0zm-.25-5.25a.75.75 0 00-1.5 0v2.5a.75.75 0 001.5 0v-2.5z"></path>
</svg>
</span>
</span>
</remote-clipboard-copy>
<!-- '"` --><!-- </textarea></xmp> --></option></form><form class="inline-form js-update-url-with-hash" action="/swisskyrepo/PayloadsAllTheThings/edit/master/XSS%20Injection/Files/SVG_XSS.svg" accept-charset="UTF-8" method="post"><input type="hidden" name="authenticity_token" value="b2sR2Z22xZQcfDXO7kRKYsA_uLAVuKrPxuQGbXgkoysURwwJPd9mnrry41lUbPcvPesGEbMXCQnYhUCNPpTnSA" />
<button class="btn-octicon tooltipped tooltipped-nw" type="submit"
aria-label="Fork this project and edit the file" data-hotkey="e" data-disable-with>
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-pencil">
<path fill-rule="evenodd" d="M11.013 1.427a1.75 1.75 0 012.474 0l1.086 1.086a1.75 1.75 0 010 2.474l-8.61 8.61c-.21.21-.47.364-.756.445l-3.251.93a.75.75 0 01-.927-.928l.929-3.25a1.75 1.75 0 01.445-.758l8.61-8.61zm1.414 1.06a.25.25 0 00-.354 0L10.811 3.75l1.439 1.44 1.263-1.263a.25.25 0 000-.354l-1.086-1.086zM11.189 6.25L9.75 4.81l-6.286 6.287a.25.25 0 00-.064.108l-.558 1.953 1.953-.558a.249.249 0 00.108-.064l6.286-6.286z"></path>
</svg>
</button>
</form>
<!-- '"` --><!-- </textarea></xmp> --></option></form><form class="inline-form" action="/swisskyrepo/PayloadsAllTheThings/delete/master/XSS%20Injection/Files/SVG_XSS.svg" accept-charset="UTF-8" method="post"><input type="hidden" name="authenticity_token" value="I2wC8IQYMfd27uLbrg6_QaM0rYGoWsuIHQGkVa50h34E1T5YLNZttD-k69tBNU1lWW1cYHpw4HTMhz1F7JaiXg" />
<button class="btn-octicon btn-octicon-danger tooltipped tooltipped-nw" type="submit"
aria-label="Fork this project and delete the file" data-disable-with>
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-trash">
<path fill-rule="evenodd" d="M6.5 1.75a.25.25 0 01.25-.25h2.5a.25.25 0 01.25.25V3h-3V1.75zm4.5 0V3h2.25a.75.75 0 010 1.5H2.75a.75.75 0 010-1.5H5V1.75C5 .784 5.784 0 6.75 0h2.5C10.216 0 11 .784 11 1.75zM4.496 6.675a.75.75 0 10-1.492.15l.66 6.6A1.75 1.75 0 005.405 15h5.19c.9 0 1.652-.681 1.741-1.576l.66-6.6a.75.75 0 00-1.492-.149l-.66 6.6a.25.25 0 01-.249.225h-5.19a.25.25 0 01-.249-.225l-.66-6.6z"></path>
</svg>
</button>
</form> </div>
</div>
<div class="d-flex hide-lg hide-xl flex-order-2 flex-grow-0">
<details class="dropdown details-reset details-overlay d-inline-block">
<summary class="btn-octicon" aria-haspopup="true" aria-label="possible actions">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-kebab-horizontal">
<path d="M8 9a1.5 1.5 0 100-3 1.5 1.5 0 000 3zM1.5 9a1.5 1.5 0 100-3 1.5 1.5 0 000 3zm13 0a1.5 1.5 0 100-3 1.5 1.5 0 000 3z"></path>
</svg>
</summary>
<ul class="dropdown-menu dropdown-menu-sw" style="width: 175px">
<li>
<a class="dropdown-item tooltipped tooltipped-nw js-remove-unless-platform"
data-platforms="windows,mac"
href="https://desktop.github.com"
data-ga-click="Repository, open with desktop">
Open with Desktop
</a>
</li>
<li>
<a class="dropdown-item" href="/swisskyrepo/PayloadsAllTheThings/raw/master/XSS%20Injection/Files/SVG_XSS.svg">
View raw
</a>
</li>
<li>
<remote-clipboard-copy class="dropdown-item" data-src="/swisskyrepo/PayloadsAllTheThings/raw/master/XSS%20Injection/Files/SVG_XSS.svg" data-action="click:remote-clipboard-copy#remoteCopy">
<span data-target="remote-clipboard-copy.idle"> <span class="cursor-pointer" data-hydro-click="{"event_type":"repository.click","payload":{"target":"COPY_RAW_CONTENTS_BUTTON","repository_id":71220757,"originating_url":"https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/XSS%20Injection/Files/SVG_XSS.svg","user_id":77883099}}" data-hydro-click-hmac="a7a1dfde1b7cd117a4d259625f0fd76d8ec9a6517c37e8d88c50654485b177b1">
Copy raw contents
</span></span>
<span data-target="remote-clipboard-copy.fetching" hidden="hidden"> Copy raw contents
<span class="d-inline-block position-relative" style="top: 3px">
<svg aria-label="fetching contentsâ¦" style="box-sizing: content-box; color: var(--color-icon-primary);" width="16" height="16" viewBox="0 0 16 16" fill="none" data-view-component="true" class="anim-rotate">
<circle cx="8" cy="8" r="7" stroke="currentColor" stroke-opacity="0.25" stroke-width="2" vector-effect="non-scaling-stroke" />
<path d="M15 8a7.002 7.002 0 00-7-7" stroke="currentColor" stroke-width="2" stroke-linecap="round" vector-effect="non-scaling-stroke" />
</svg>
</span>
</span>
<span data-target="remote-clipboard-copy.success" hidden="hidden"> Copy raw contents
<svg aria-label="Copied!" role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-check color-fg-success">
<path fill-rule="evenodd" d="M13.78 4.22a.75.75 0 010 1.06l-7.25 7.25a.75.75 0 01-1.06 0L2.22 9.28a.75.75 0 011.06-1.06L6 10.94l6.72-6.72a.75.75 0 011.06 0z"></path>
</svg>
</span>
<span data-target="remote-clipboard-copy.error" hidden="hidden"> Copy raw contents
<svg aria-label="Something went wrong. Try again." role="img" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-alert color-fg-attention">
<path fill-rule="evenodd" d="M8.22 1.754a.25.25 0 00-.44 0L1.698 13.132a.25.25 0 00.22.368h12.164a.25.25 0 00.22-.368L8.22 1.754zm-1.763-.707c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0114.082 15H1.918a1.75 1.75 0 01-1.543-2.575L6.457 1.047zM9 11a1 1 0 11-2 0 1 1 0 012 0zm-.25-5.25a.75.75 0 00-1.5 0v2.5a.75.75 0 001.5 0v-2.5z"></path>
</svg>
</span>
</remote-clipboard-copy> </li>
<li>
<a class="dropdown-item" href="/swisskyrepo/PayloadsAllTheThings/blame/master/XSS%20Injection/Files/SVG_XSS.svg">
View blame
</a>
</li>
<li class="dropdown-divider" role="none"></li>
<li>
<a class="dropdown-item" href="/swisskyrepo/PayloadsAllTheThings/edit/master/XSS%20Injection/Files/SVG_XSS.svg">Edit file</a>
</li>
<li>
<a class="dropdown-item menu-item-danger" href="/swisskyrepo/PayloadsAllTheThings/delete/master/XSS%20Injection/Files/SVG_XSS.svg">Delete file</a>
</li>
</ul>
</details>
</div>
</div>
<div itemprop="text" class="Box-body p-0 blob-wrapper data type-svg gist-border-0">
<div class="render-wrapper ">
<div class="render-container is-render-pending js-render-target "
data-identity="56187aa7-8ecf-4812-8f2a-9abd04afeb1c"
data-host="https://viewscreen.githubusercontent.com"
data-type="svg">
<svg style="box-sizing: content-box; color: var(--color-icon-primary);" width="64" height="64" viewBox="0 0 16 16" fill="none" data-view-component="true" class="octospinner mx-auto anim-rotate">
<circle cx="8" cy="8" r="7" stroke="currentColor" stroke-opacity="0.25" stroke-width="2" vector-effect="non-scaling-stroke" />
<path d="M15 8a7.002 7.002 0 00-7-7" stroke="currentColor" stroke-width="2" stroke-linecap="round" vector-effect="non-scaling-stroke" />
</svg>
<div class="render-viewer-error">Sorry, something went wrong. <a href="https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/XSS%20Injection/Files/SVG_XSS.svg">Reload?</a></div>
<div class="render-viewer-fatal">Sorry, we cannot display this file.</div>
<div class="render-viewer-invalid">Sorry, this file is invalid so it cannot be displayed.</div>
<iframe
class="render-viewer "
src="https://viewscreen.githubusercontent.com/view/svg?browser=chrome&color_mode=auto&commit=f107a32f1f386a43c7952ce9bf7676d48659cab0&device=unknown_device&enc_url=68747470733a2f2f7261772e67697468756275736572636f6e74656e742e636f6d2f73776973736b797265706f2f5061796c6f616473416c6c5468655468696e67732f663130376133326631663338366134336337393532636539626637363736643438363539636162302f585353253230496e6a656374696f6e2f46696c65732f5356475f5853532e737667&logged_in=true&nwo=swisskyrepo%2FPayloadsAllTheThings&path=XSS+Injection%2FFiles%2FSVG_XSS.svg&platform=windows&repository_id=71220757&repository_type=Repository&version=97#56187aa7-8ecf-4812-8f2a-9abd04afeb1c"
sandbox="allow-scripts allow-same-origin allow-top-navigation"
title="File display"
name="56187aa7-8ecf-4812-8f2a-9abd04afeb1c"
>
Viewer requires iframe.
</iframe>
</div>
</div>
</div>
</div>
<details class="details-reset details-overlay details-overlay-dark" id="jumpto-line-details-dialog">
<summary data-hotkey="l" aria-label="Jump to line"></summary>
<details-dialog class="Box Box--overlay d-flex flex-column anim-fade-in fast linejump" aria-label="Jump to line">
<!-- '"` --><!-- </textarea></xmp> --></option></form><form class="js-jump-to-line-form Box-body d-flex" action="" accept-charset="UTF-8" method="get">
<input class="form-control flex-auto mr-3 linejump-input js-jump-to-line-field" type="text" placeholder="Jump to line…" aria-label="Jump to line" autofocus>
<button data-close-dialog="" type="submit" data-view-component="true" class="btn"> Go
</button>
</form> </details-dialog>
</details>
</div>
</div>
</div>
</main>
</div>
</div>
<footer class="footer width-full container-xl p-responsive" role="contentinfo">
<div class="position-relative d-flex flex-items-center pb-2 f6 color-fg-muted border-top color-border-muted flex-column-reverse flex-lg-row flex-wrap flex-lg-nowrap mt-6 pt-6">
<ul class="list-style-none d-flex flex-wrap col-0 col-lg-2 flex-justify-start flex-lg-justify-between mb-2 mb-lg-0">
<li class="mt-2 mt-lg-0 d-flex flex-items-center">
<a aria-label="Homepage" title="GitHub" class="footer-octicon mr-2" href="https://github.com">
<svg aria-hidden="true" height="24" viewBox="0 0 16 16" version="1.1" width="24" data-view-component="true" class="octicon octicon-mark-github">
<path fill-rule="evenodd" d="M8 0C3.58 0 0 3.58 0 8c0 3.54 2.29 6.53 5.47 7.59.4.07.55-.17.55-.38 0-.19-.01-.82-.01-1.49-2.01.37-2.53-.49-2.69-.94-.09-.23-.48-.94-.82-1.13-.28-.15-.68-.52-.01-.53.63-.01 1.08.58 1.23.82.72 1.21 1.87.87 2.33.66.07-.52.28-.87.51-1.07-1.78-.2-3.64-.89-3.64-3.95 0-.87.31-1.59.82-2.15-.08-.2-.36-1.02.08-2.12 0 0 .67-.21 2.2.82.64-.18 1.32-.27 2-.27.68 0 1.36.09 2 .27 1.53-1.04 2.2-.82 2.2-.82.44 1.1.16 1.92.08 2.12.51.56.82 1.27.82 2.15 0 3.07-1.87 3.75-3.65 3.95.29.25.54.73.54 1.48 0 1.07-.01 1.93-.01 2.2 0 .21.15.46.55.38A8.013 8.013 0 0016 8c0-4.42-3.58-8-8-8z"></path>
</svg>
</a> <span>
© 2022 GitHub, Inc.
</span>
</li>
</ul>
<ul class="list-style-none d-flex flex-wrap col-12 col-lg-8 flex-justify-center flex-lg-justify-between mb-2 mb-lg-0">
<li class="mr-3 mr-lg-0"><a href="https://docs.github.com/en/github/site-policy/github-terms-of-service" data-hydro-click="{"event_type":"analytics.event","payload":{"category":"Footer","action":"go to terms","label":"text:terms","originating_url":"https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/XSS%20Injection/Files/SVG_XSS.svg","user_id":77883099}}" data-hydro-click-hmac="903a898011ce702e0cf8d78018c13fb67e4c585d4909c0852efe2f3f5734bf83" data-analytics-event="{"category":"Footer","action":"go to terms","label":"text:terms"}">Terms</a></li>
<li class="mr-3 mr-lg-0"><a href="https://docs.github.com/en/github/site-policy/github-privacy-statement" data-hydro-click="{"event_type":"analytics.event","payload":{"category":"Footer","action":"go to privacy","label":"text:privacy","originating_url":"https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/XSS%20Injection/Files/SVG_XSS.svg","user_id":77883099}}" data-hydro-click-hmac="661cfeede472c995ecc28a21cdb73a0a704d17d3c7e36dd3a129e1be92ca40d5" data-analytics-event="{"category":"Footer","action":"go to privacy","label":"text:privacy"}">Privacy</a></li>
<li class="mr-3 mr-lg-0"><a data-hydro-click="{"event_type":"analytics.event","payload":{"category":"Footer","action":"go to security","label":"text:security","originating_url":"https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/XSS%20Injection/Files/SVG_XSS.svg","user_id":77883099}}" data-hydro-click-hmac="f6ca2277ad4a4391cd2738e58b673c1888fe1e4a06700e4584e0dc4d01a81237" data-analytics-event="{"category":"Footer","action":"go to security","label":"text:security"}" href="https://github.com/security">Security</a></li>
<li class="mr-3 mr-lg-0"><a href="https://www.githubstatus.com/" data-hydro-click="{"event_type":"analytics.event","payload":{"category":"Footer","action":"go to status","label":"text:status","originating_url":"https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/XSS%20Injection/Files/SVG_XSS.svg","user_id":77883099}}" data-hydro-click-hmac="b79c6bb82687efaa6a67c5f8ae1fa3be575e399e910c16863b2463c7c3828dc0" data-analytics-event="{"category":"Footer","action":"go to status","label":"text:status"}">Status</a></li>
<li class="mr-3 mr-lg-0"><a data-ga-click="Footer, go to help, text:Docs" href="https://docs.github.com">Docs</a></li>
<li class="mr-3 mr-lg-0"><a href="https://support.github.com?tags=dotcom-footer" data-hydro-click="{"event_type":"analytics.event","payload":{"category":"Footer","action":"go to contact","label":"text:contact","originating_url":"https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/XSS%20Injection/Files/SVG_XSS.svg","user_id":77883099}}" data-hydro-click-hmac="7c17d59b98a5d95ba30dfc2aa925a8cb92a7316b6bd8fa765b7baa6b7fe4c243" data-analytics-event="{"category":"Footer","action":"go to contact","label":"text:contact"}">Contact GitHub</a></li>
<li class="mr-3 mr-lg-0"><a href="https://github.com/pricing" data-hydro-click="{"event_type":"analytics.event","payload":{"category":"Footer","action":"go to Pricing","label":"text:Pricing","originating_url":"https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/XSS%20Injection/Files/SVG_XSS.svg","user_id":77883099}}" data-hydro-click-hmac="a8ca5e5d14021b21375d9728b87527035a3aa11075230af5fbf7ce840df5a4cd" data-analytics-event="{"category":"Footer","action":"go to Pricing","label":"text:Pricing"}">Pricing</a></li>
<li class="mr-3 mr-lg-0"><a href="https://docs.github.com" data-hydro-click="{"event_type":"analytics.event","payload":{"category":"Footer","action":"go to api","label":"text:api","originating_url":"https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/XSS%20Injection/Files/SVG_XSS.svg","user_id":77883099}}" data-hydro-click-hmac="d0180481b1b1133543981a508f4360367b29b4e519188e48b7de91a3d36a0e9b" data-analytics-event="{"category":"Footer","action":"go to api","label":"text:api"}">API</a></li>
<li class="mr-3 mr-lg-0"><a href="https://services.github.com" data-hydro-click="{"event_type":"analytics.event","payload":{"category":"Footer","action":"go to training","label":"text:training","originating_url":"https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/XSS%20Injection/Files/SVG_XSS.svg","user_id":77883099}}" data-hydro-click-hmac="225215c47e7f6a8ed1858c0a86404a00c72ff199b249552d7185929f9d595ef0" data-analytics-event="{"category":"Footer","action":"go to training","label":"text:training"}">Training</a></li>
<li class="mr-3 mr-lg-0"><a href="https://github.blog" data-hydro-click="{"event_type":"analytics.event","payload":{"category":"Footer","action":"go to blog","label":"text:blog","originating_url":"https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/XSS%20Injection/Files/SVG_XSS.svg","user_id":77883099}}" data-hydro-click-hmac="287aae3582f01f8fb4ff989d66a563aaca121294d19c3221eee10f40f90333ec" data-analytics-event="{"category":"Footer","action":"go to blog","label":"text:blog"}">Blog</a></li>
<li><a data-ga-click="Footer, go to about, text:about" href="https://github.com/about">About</a></li>
</ul>
</div>
<div class="d-flex flex-justify-center pb-6">
<span class="f6 color-fg-muted"></span>
</div>
</footer>
<div id="ajax-error-message" class="ajax-error-message flash flash-error" hidden>
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-alert">
<path fill-rule="evenodd" d="M8.22 1.754a.25.25 0 00-.44 0L1.698 13.132a.25.25 0 00.22.368h12.164a.25.25 0 00.22-.368L8.22 1.754zm-1.763-.707c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0114.082 15H1.918a1.75 1.75 0 01-1.543-2.575L6.457 1.047zM9 11a1 1 0 11-2 0 1 1 0 012 0zm-.25-5.25a.75.75 0 00-1.5 0v2.5a.75.75 0 001.5 0v-2.5z"></path>
</svg>
<button type="button" class="flash-close js-ajax-error-dismiss" aria-label="Dismiss error">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-x">
<path fill-rule="evenodd" d="M3.72 3.72a.75.75 0 011.06 0L8 6.94l3.22-3.22a.75.75 0 111.06 1.06L9.06 8l3.22 3.22a.75.75 0 11-1.06 1.06L8 9.06l-3.22 3.22a.75.75 0 01-1.06-1.06L6.94 8 3.72 4.78a.75.75 0 010-1.06z"></path>
</svg>
</button>
You canât perform that action at this time.
</div>
<div class="js-stale-session-flash flash flash-warn flash-banner" hidden
>
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-alert">
<path fill-rule="evenodd" d="M8.22 1.754a.25.25 0 00-.44 0L1.698 13.132a.25.25 0 00.22.368h12.164a.25.25 0 00.22-.368L8.22 1.754zm-1.763-.707c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0114.082 15H1.918a1.75 1.75 0 01-1.543-2.575L6.457 1.047zM9 11a1 1 0 11-2 0 1 1 0 012 0zm-.25-5.25a.75.75 0 00-1.5 0v2.5a.75.75 0 001.5 0v-2.5z"></path>
</svg>
<span class="js-stale-session-flash-signed-in" hidden>You signed in with another tab or window. <a href="">Reload</a> to refresh your session.</span>
<span class="js-stale-session-flash-signed-out" hidden>You signed out in another tab or window. <a href="">Reload</a> to refresh your session.</span>
</div>
<template id="site-details-dialog">
<details class="details-reset details-overlay details-overlay-dark lh-default color-fg-default hx_rsm" open>
<summary role="button" aria-label="Close dialog"></summary>
<details-dialog class="Box Box--overlay d-flex flex-column anim-fade-in fast hx_rsm-dialog hx_rsm-modal" aria-labelledby="box-title">
<button class="Box-btn-octicon m-0 btn-octicon position-absolute right-0 top-0" type="button" aria-label="Close dialog" data-close-dialog>
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-x">
<path fill-rule="evenodd" d="M3.72 3.72a.75.75 0 011.06 0L8 6.94l3.22-3.22a.75.75 0 111.06 1.06L9.06 8l3.22 3.22a.75.75 0 11-1.06 1.06L8 9.06l-3.22 3.22a.75.75 0 01-1.06-1.06L6.94 8 3.72 4.78a.75.75 0 010-1.06z"></path>
</svg>
</button>
<div class="octocat-spinner my-6 js-details-dialog-spinner"></div>
</details-dialog>
</details>
</template>
<div class="Popover js-hovercard-content position-absolute" style="display: none; outline: none;" tabindex="0">
<div class="Popover-message Popover-message--bottom-left Popover-message--large Box color-shadow-large" style="width:360px;">
</div>
</div>
<template id="snippet-clipboard-copy-button">
<div class="zeroclipboard-container position-absolute right-0 top-0">
<clipboard-copy aria-label="Copy" class="ClipboardButton btn js-clipboard-copy m-2 p-0 tooltipped-no-delay" data-copy-feedback="Copied!" data-tooltip-direction="w">
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-copy js-clipboard-copy-icon m-2">
<path fill-rule="evenodd" d="M0 6.75C0 5.784.784 5 1.75 5h1.5a.75.75 0 010 1.5h-1.5a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-1.5a.75.75 0 011.5 0v1.5A1.75 1.75 0 019.25 16h-7.5A1.75 1.75 0 010 14.25v-7.5z"></path><path fill-rule="evenodd" d="M5 1.75C5 .784 5.784 0 6.75 0h7.5C15.216 0 16 .784 16 1.75v7.5A1.75 1.75 0 0114.25 11h-7.5A1.75 1.75 0 015 9.25v-7.5zm1.75-.25a.25.25 0 00-.25.25v7.5c0 .138.112.25.25.25h7.5a.25.25 0 00.25-.25v-7.5a.25.25 0 00-.25-.25h-7.5z"></path>
</svg>
<svg aria-hidden="true" height="16" viewBox="0 0 16 16" version="1.1" width="16" data-view-component="true" class="octicon octicon-check js-clipboard-check-icon color-fg-success d-none m-2">
<path fill-rule="evenodd" d="M13.78 4.22a.75.75 0 010 1.06l-7.25 7.25a.75.75 0 01-1.06 0L2.22 9.28a.75.75 0 011.06-1.06L6 10.94l6.72-6.72a.75.75 0 011.06 0z"></path>
</svg>
</clipboard-copy>
</div>
</template>
<style>
.user-mention[href$="/shubh123-tri"] {
color: var(--color-user-mention-fg);
background-color: var(--color-user-mention-bg);
border-radius: 2px;
margin-left: -2px;
margin-right: -2px;
padding: 0 2px;
}
</style>
</body>
</html>
-----------------------------18722948012327188599867727395--
Error Screenshot that displays sensitive information.
Instance 2
Steps to Reproduce
- Login and go to Settings> General Settings and try to upload LOGO with the extension shell.gpif and you will see the sensitive information.
Request:
POST /demo/plupload HTTP/1.1
Host: demo.microweber.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------22203994064514157472442190611
Content-Length: 977
Origin: https://demo.microweber.org
Connection: close
Referer: https://demo.microweber.org/demo/admin/view:settings
Cookie: laravel_session=yDq2fxz1F6K7BQePQdMXN9ypYMr6lXGl6W4ziCVS; remember_web_59ba36addc2b2f9401580f014c7f58ea4e30989d=2%7CTtYWLvivLcGGOKkv5QqtzWhOA7vw6wZPZIbryyJKGsVNHLLfQ4n75QWDNFH8%7C%242y%2410%24114oPbqv.UAg3ca706prIuSTMe3pAc9qYqT2gOBR1uldB9UTk%2FlYu; back_to_admin=https%3A//demo.microweber.org/demo/admin/view%3Asettings%23option_group%3Dfiles; csrf-token-data=%7B%22value%22%3A%221VHBRRgD7b6L6V5p4Qt0ykutyKn8qtMThrx2oKvv%22%2C%22expiry%22%3A1642588282160%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
-----------------------------22203994064514157472442190611
Content-Disposition: form-data; name="name"
shell.pgif
-----------------------------22203994064514157472442190611
Content-Disposition: form-data; name="chunk"
0
-----------------------------22203994064514157472442190611
Content-Disposition: form-data; name="chunks"
1
-----------------------------22203994064514157472442190611
Content-Disposition: form-data; name="file"; filename="blob"
Content-Type: application/octet-stream
GIF89a
Response
HTTP/1.1 200 OK
Date: Wed, 19 Jan 2022 10:23:38 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Last-Modified: Wed, 19 Jan 2022 10:23:38 GMT
Connection: close
Content-Type: application/json
Content-Length: 127
{"src":"https:\/\/demo.microweber.org\/demo\/userfiles\/media\/default\/shell.pgif","name":"shell.pgif","bytes_uploaded":"977"}
Now viewing file shell.pgif
Request
GET /demo/userfiles/media/default/shell.gpif HTTP/1.1
Host: demo.microweber.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Origin: https://demo.microweber.org
Connection: close
Referer: https://demo.microweber.org/demo/admin/view:settings
Cookie: laravel_session=yDq2fxz1F6K7BQePQdMXN9ypYMr6lXGl6W4ziCVS; remember_web_59ba36addc2b2f9401580f014c7f58ea4e30989d=2%7CTtYWLvivLcGGOKkv5QqtzWhOA7vw6wZPZIbryyJKGsVNHLLfQ4n75QWDNFH8%7C%242y%2410%24114oPbqv.UAg3ca706prIuSTMe3pAc9qYqT2gOBR1uldB9UTk%2FlYu; back_to_admin=https%3A//demo.microweber.org/demo/admin/view%3Asettings%23option_group%3Dfiles; csrf-token-data=%7B%22value%22%3A%221VHBRRgD7b6L6V5p4Qt0ykutyKn8qtMThrx2oKvv%22%2C%22expiry%22%3A1642588282160%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Response with sensitive information
HTTP/1.1 404 Not Found
Date: Wed, 19 Jan 2022 10:27:44 GMT
Server: Apache
Cache-Control: no-cache, private
Set-Cookie: laravel_session=yDq2fxz1F6K7BQePQdMXN9ypYMr6lXGl6W4ziCVS; expires=Wed, 19-Jan-2022 12:27:44 GMT; Max-Age=7200; path=/; httponly; samesite=lax
Connection: close
Content-Type: application/json
Content-Length: 14256
{
"message": "",
"exception": "Symfony\\Component\\HttpKernel\\Exception\\NotFoundHttpException",
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Foundation/Application.php",
"line": 1119,
"trace": [
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Foundation/helpers.php",
"line": 44,
"function": "abort",
"class": "Illuminate\\Foundation\\Application",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Foundation/helpers.php",
"line": 64,
"function": "abort"
},
{
"file": "/home/demomicr/public_html/demo/src/MicroweberPackages/App/Http/Controllers/ServeStaticFileContoller.php",
"line": 36,
"function": "abort_if"
},
{
"file": "/home/demomicr/public_html/demo/src/MicroweberPackages/App/Http/Controllers/ServeStaticFileContoller.php",
"line": 27,
"function": "sendResponse",
"class": "MicroweberPackages\\App\\Http\\Controllers\\ServeStaticFileContoller",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Routing/Controller.php",
"line": 54,
"function": "serveFromUserfiles",
"class": "MicroweberPackages\\App\\Http\\Controllers\\ServeStaticFileContoller",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php",
"line": 45,
"function": "callAction",
"class": "Illuminate\\Routing\\Controller",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Routing/Route.php",
"line": 262,
"function": "dispatch",
"class": "Illuminate\\Routing\\ControllerDispatcher",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Routing/Route.php",
"line": 205,
"function": "runController",
"class": "Illuminate\\Routing\\Route",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Routing/Router.php",
"line": 695,
"function": "run",
"class": "Illuminate\\Routing\\Route",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 128,
"function": "Illuminate\\Routing\\{closure}",
"class": "Illuminate\\Routing\\Router",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Http/Middleware/CheckResponseForModifications.php",
"line": 19,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 167,
"function": "handle",
"class": "Illuminate\\Http\\Middleware\\CheckResponseForModifications",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php",
"line": 121,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php",
"line": 64,
"function": "handleStatefulRequest",
"class": "Illuminate\\Session\\Middleware\\StartSession",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/src/MicroweberPackages/App/Http/Middleware/SessionlessMiddleware.php",
"line": 23,
"function": "handle",
"class": "Illuminate\\Session\\Middleware\\StartSession",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 167,
"function": "handle",
"class": "MicroweberPackages\\App\\Http\\Middleware\\SessionlessMiddleware",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 103,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Routing/Router.php",
"line": 697,
"function": "then",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Routing/Router.php",
"line": 672,
"function": "runRouteWithinStack",
"class": "Illuminate\\Routing\\Router",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Routing/Router.php",
"line": 636,
"function": "runRoute",
"class": "Illuminate\\Routing\\Router",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Routing/Router.php",
"line": 625,
"function": "dispatchToRoute",
"class": "Illuminate\\Routing\\Router",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php",
"line": 167,
"function": "dispatch",
"class": "Illuminate\\Routing\\Router",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 128,
"function": "Illuminate\\Foundation\\Http\\{closure}",
"class": "Illuminate\\Foundation\\Http\\Kernel",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/fideloper/proxy/src/TrustProxies.php",
"line": 57,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 167,
"function": "handle",
"class": "Fideloper\\Proxy\\TrustProxies",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/fruitcake/laravel-cors/src/HandleCors.php",
"line": 38,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 167,
"function": "handle",
"class": "Fruitcake\\Cors\\HandleCors",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php",
"line": 86,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 167,
"function": "handle",
"class": "Illuminate\\Foundation\\Http\\Middleware\\PreventRequestsDuringMaintenance",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php",
"line": 27,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 167,
"function": "handle",
"class": "Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php",
"line": 21,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TrimStrings.php",
"line": 40,
"function": "handle",
"class": "Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 167,
"function": "handle",
"class": "Illuminate\\Foundation\\Http\\Middleware\\TrimStrings",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php",
"line": 121,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php",
"line": 64,
"function": "handleStatefulRequest",
"class": "Illuminate\\Session\\Middleware\\StartSession",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/src/MicroweberPackages/App/Http/Middleware/StartSessionExtended.php",
"line": 22,
"function": "handle",
"class": "Illuminate\\Session\\Middleware\\StartSession",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 167,
"function": "handle",
"class": "MicroweberPackages\\App\\Http\\Middleware\\StartSessionExtended",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php",
"line": 21,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ConvertEmptyStringsToNull.php",
"line": 31,
"function": "handle",
"class": "Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 167,
"function": "handle",
"class": "Illuminate\\Foundation\\Http\\Middleware\\ConvertEmptyStringsToNull",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php",
"line": 37,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 167,
"function": "handle",
"class": "Illuminate\\Cookie\\Middleware\\AddQueuedCookiesToResponse",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 103,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php",
"line": 142,
"function": "then",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php",
"line": 111,
"function": "sendRequestThroughRouter",
"class": "Illuminate\\Foundation\\Http\\Kernel",
"type": "->"
},
{
"file": "/home/demomicr/public_html/demo/index.php",
"line": 90,
"function": "handle",
"class": "Illuminate\\Foundation\\Http\\Kernel",
"type": "->"
}
]
}
Shell.pgif file can be found here: https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Upload%20Insecure%20Files/Extension%20PHP
We are processing your report and will contact the
microweber
team within 24 hours.
a year ago
We have contacted a member of the
microweber
team and are waiting to hear back
a year ago
We have sent a
follow up to the
microweber
team.
We will try again in 7 days.
a year ago
We have sent a
second
follow up to the
microweber
team.
We will try again in 10 days.
a year ago
to join this conversation
We are processing your report and will contact the
microweber
team within 24 hours.
a year ago
We have contacted a member of the
microweber
team and are waiting to hear back
a year ago
We have sent a
follow up to the
microweber
team.
We will try again in 7 days.
a year ago
We have sent a
second
follow up to the
microweber
team.
We will try again in 10 days.
a year ago
to join this conversation