An actual XSS on google.com by Masato Kinugawa. It abuses a parser differential between a JavaScript enabled and disabled context.

More Web Vulnerabilities

This category is about common web applocation vulnerability patterns like XSS, CSRF, SSRF and more.