# XSS Bypass

## Introduction

For those new to Cross-Site Scripting (XSS) attacks, it is essential to first understand the fundamental concepts before exploring filter bypass techniques.

***

## Alternatives to `alert()`

Many web applications block the `alert()` function to mitigate XSS attacks. Below are alternative functions that can be used:

* **`confirm()`** instead of `alert()`
* **`prompt()`** instead of `alert()`
* **`console.log()`** instead of `alert()`
* **`eval()`** instead of `alert()`

***

## Alternatives to the `onerror` Event Handler

If the `onerror` event handler is blocked, the following alternatives can be used to trigger JavaScript execution:

* **`onload`**
* **`onfocus`**
* **`onmouseover`**
* **`onblur`**
* **`onclick`**
* **`onscroll`**

These event handlers can be embedded within HTML elements to execute scripts when the event is triggered.

***

## Handling Parentheses Filtering

If parentheses `()` are filtered, backticks `` ` ` `` can be used as an alternative. Examples:

```html
<script>alert`1`</script>
<img src=x onerror=alert`1`>
<img src=x onerror=prompt`1`>
javascript:prompt`1`
javascript:alert`1`
```

This method is effective against weak input sanitization mechanisms that only block standard function calls enclosed in parentheses.

***

## Additional Resources

For further learning and reference, the following resources provide comprehensive details on XSS filter evasion techniques:

1. **PortSwigger XSS Cheat Sheet** - [Visit PortSwigger](https://portswigger.net/web-security/cross-site-scripting/cheat-sheet)
2. **OWASP XSS Filter Evasion Cheat Sheet** - [Visit OWASP](https://owasp.org/www-community/xss-filter-evasion-cheatsheet)

***

## Contact Information

For discussions and insights, you can connect with:

* [**@Fani Malik**](https://twitter.com/fanimalikhack/)

***

*Enhanced and reformatted for HowToHunt repository by* [*remonsec*](https://x.com/remonsec)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://kathan19.gitbook.io/howtohunt/xss/xss_bypass.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.