CRV2 RevCodeXSS

HTML Body Context
UNTRUSTED DATA

HTML Attribute Context
attack: "> /* bad stuff */

HTTP GET Parameter Context
clickme
attack: " onclick="/* bad stuff */"

URL Context
clickme
attack: javascript:/* BAD STUFF */

CSS Value Context
Selection
attack: expression(/* BAD STUFF */)

JavaScript Variable Context
var currentValue='UNTRUSTED DATA';

someFunction('UNTRUSTED DATA');

attack: ');/* BAD STUFF */

JSON Parsing Context
JSON.parse(UNTRUSTED JSON DATA)
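
Each context listed above needs its own encoder, which is what a reviewer checks for at every place untrusted data is written. The following is an added example, not part of the original page: the function names are hypothetical, and it assumes the common rule of escaping every non-alphanumeric character below U+0100, then runs the page's attack strings through the encoder for the context they target.

```javascript
// Added example: one encoder per output context. All names are hypothetical.

// Escape every non-alphanumeric character below U+0100 with a context-specific format.
function encodeWith(s, fmt) {
  return String(s).replace(/[^A-Za-z0-9]/g, (ch) => {
    const cp = ch.codePointAt(0);
    return cp < 256 ? fmt(cp) : ch;
  });
}

const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// HTML body: neutralise markup-significant characters.
const forHtmlBody = (s) => String(s).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);

// HTML attribute value: hex entities, so quotes and spaces cannot end the attribute.
const forHtmlAttr = (s) => encodeWith(s, (cp) => `&#x${cp.toString(16)};`);

// GET parameter value: percent-encode, including the characters encodeURIComponent skips.
const forUrlParam = (s) => encodeURIComponent(String(s))
  .replace(/[!'()*]/g, (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());

// Whole URL in href/src: allow-list the scheme (absolute http/https only), then attribute-encode.
function forUrlAttr(url) {
  let parsed;
  try { parsed = new URL(String(url)); } catch { return null; }
  return ['http:', 'https:'].includes(parsed.protocol) ? forHtmlAttr(parsed.href) : null;
}

// CSS property value: backslash-hex escapes, so "(" cannot open a function token.
const forCssValue = (s) => encodeWith(s, (cp) => `\\${cp.toString(16)} `);

// Quoted JavaScript string: \xHH escapes, so a quote cannot close the literal.
const forJsString = (s) => encodeWith(s, (cp) => `\\x${cp.toString(16).padStart(2, '0')}`);

// JSON: parse as data with JSON.parse, never eval(); malformed input yields null.
function parseUntrustedJson(text) {
  try { return JSON.parse(text); } catch { return null; }
}

// The page's attack strings, run through the encoder for their context.
console.log(forHtmlAttr('"> /* bad stuff */'));
console.log(forUrlParam('" onclick="/* bad stuff */"'));
console.log(forUrlAttr('javascript:/* BAD STUFF */'));
console.log(forCssValue('expression(/* BAD STUFF */)'));
console.log(forJsString("');/* BAD STUFF */"));
```

An encoder only protects the context it was written for: output from `forHtmlBody` placed inside a script block or an unquoted attribute is still exploitable, so the review question is always which context the sink is in.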