XSS Payloads

The wonderland of JavaScript unexpected usages, and more.
Much much more ...


A fine collection of selected javascript payloads.

More than 50 pieces of code, from the common javascript usage to the absolutely unexpected.

Quite unlikely not to find what you are looking for.


Some companion stuff useful to enrich your XSS experience.

Leverage XSS vulnerabilities, build custom payloads, control botnets, practice your pentesting skills ...

The best and the rest.


A full library of tutorials, advanced papers and presentations we found quite valuable.

These docs should help understand most concepts behind the techniques used in current and past payloads.

Most should be read before moving any further. You'd better know what you are doing...


Contacts, disclaimers and our twitter feed.

And the most important : credits! Because this site's content mostly comes from the community.

Thanks to all of you who participated in XSS related researches !