This page collects XSS attacks in which the payload is validated to be a specific HTML tag. This severely restricts the payloads that can be used, and is generally relevant for testing attacks against CMSs or similar features.
These vectors only verify that the tag in the request is a certain tag.
The following vectors will only allow a certain attribute for a tag.
The first value is the tag being allowed, the second the specific attribute.
A collection of other esoteric attack types, exercising various types of escaping.
<script>alert(1)</script>). The server applies a single-line regular expression to filter out any tag in the request, which can be tricked by a multiline payload.