🎅 - Yo, ho ho! - 🎄
Welcome to the twentythousand-and-one Vector To Rule Them All Challenge. You are the 1487th visitor!
The intent of this xssmas challenge is to find an XSS vector that triggers in as many contexts as possible and is inspired by
Gareth Heyes's classic "One vector to rule them all".
- XSS this page.
- Your injection will be reflected in a lot of different contexts.
- Escape all of them to get as many alerts popping as possible.
- Make that XSS vector short.
- Rating is currently paused.
Submit your solution in an email.
New: Submissions will be evaluated daily, in the CET evenings.
- Tip: Just call
alert() and we'll count for you.
- Winner is the submission with the most contexts successfully XSS'd, ranked by size (shorter is better).
Submissions that trigger in all contexts
Honorable mention for submissions that do not hit all required contexts:
Tom Holmes, Roberto Bo Xiao, Richard Moore, smaury, Tolga, Rudra Sarkar,
Ross Snider, William Le Berre, Jim Manico, 02E774
| ||Simon Pieters||84|
| ||Robert Xiao||118|
| ||Andrew Shurigyn||142|
| ||Clinton Campbell||315|