XSS challenges

Submit via twitter @garethheyes or by gmail gazheyes put at instead of this sentence at gmail.com
  1. HTML injection limit
  2. Multi injection limit
  3. Multi injection limit #2
  4. Multi injection limit #3

Multi-injection limit

Description

How many characters can you inject that executes JavaScript in multiple contexts using one vector? The alert will show you did it when your vector executes in all contexts.

Rules

  1. You cannot use other challenges or other pages to smuggle your vector
  2. Must be a multivector that calls alert(1) in each context
  3. Any modern browser
  4. Must execute in all contexts on this page.
  5. You must call alert(1) in all contexts
  6. Only 1 alert call must be inside your vector
  7. You cannot alter the redefined alert function

Current record

37

Current input

3

Leaderboard

  1. @insertScript, @theharmonyguy, @shafigullin (37)
  2. @insertScript (38)
  3. @theharmonyguy (38)
  4. @shafigullin (38)
  5. @garethheyes (42)
  6. @avlidienbrunn (44)
  7. @0xAli (47)
Last context please click xss

XSS THIS LINK