Cheat sheets
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Characters ignored in JSON property names
\
JSON.parse('{"x [1]":1}').x&&log($[i])
How do you use it?
[1]
JSON.parse('{"x\":1}').x&&log($[i])![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Characters that act as attribute quotes
" '
<div a= [1]><!-- ></div><img src=x:x onerror=log($[i]) -->
How do you use it?
[1]
<div a="><!-- ></div><img src=x:x onerror=log($[i]) --><div a='><!-- ></div><img src=x:x onerror=log($[i]) -->
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Characters ignored in an attribute name
HT LF FF CR SPACE / >
<div [1]="><img src=x:x onerror=log($[i])>"></div>
How do you use it?
[1]
<div HT="><img src=x:x onerror=log($[i])>"></div><div LF="><img src=x:x onerror=log($[i])>"></div>
<div FF="><img src=x:x onerror=log($[i])>"></div>
<div CR="><img src=x:x onerror=log($[i])>"></div>
<div SPACE="><img src=x:x onerror=log($[i])>"></div>
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Characters allowed javascript and colon copy
HT LF CR : \
if (new URL(`javascript [1]:alert(1)`).protocol === "javascript:") { log(${i});}
How do you use it?
[1]
if (new URL(`javascriptHT:alert(1)`).protocol === "javascript:") { log(${i});}
if (new URL(`javascriptLF:alert(1)`).protocol === "javascript:") { log(${i});}
if (new URL(`javascriptCR:alert(1)`).protocol === "javascript:") { log(${i});}
if (new URL(`javascript::alert(1)`).protocol === "javascript:") { log(${i});}
if (new URL(`javascript\:alert(1)`).protocol === "javascript:") { log(${i});}
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Characters that can precede the javascript protocol
SOH STX ETX EOT ENQ ACK BEL BS HT LF VT FF CR SO SI DLE DC1 DC2 DC3 DC4 NAK SYNC ETB CAN EM SUB ESC FS GS RS US SPACE
HT LF CR
<a href=" [1]javas [2]cript:test.com/" id="test"></a>
How do you use it?
[1]
<a href="SOHjavascript:test.com/" id="test"></a><a href="STXjavascript:test.com/" id="test"></a>
<a href="ETXjavascript:test.com/" id="test"></a>
<a href="EOTjavascript:test.com/" id="test"></a>
<a href="ENQjavascript:test.com/" id="test"></a>
[2]
<a href=" javasHTcript:test.com/" id="test"></a><a href=" javasLFcript:test.com/" id="test"></a>
<a href=" javasCRcript:test.com/" id="test"></a>
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Characters allowed javascript and colon
HT
HT : \
if (new URL("javascrip [1]t [2]:alert()").protocol=="javascript:"){log($[i])}
How do you use it?
[1]
if (new URL("javascripHTt:alert()").protocol=="javascript:"){log($[i])}[2]
if (new URL("javascriptHT:alert()").protocol=="javascript:"){log($[i])}if (new URL("javascript::alert()").protocol=="javascript:"){log($[i])}
if (new URL("javascript\:alert()").protocol=="javascript:"){log($[i])}
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Characters that can be used in eval to write code in between
HT VT FF SPACE ; \xa0 \u1680 \u2000 \u2001 \u2002 \u2003 \u2004 \u2005 \u2006 \u2007 \u2008 \u2009 \u200a \u2028 \u2029 \u202f \u205f \u3000 \ufeff
eval(' [1]log($[i])')
How do you use it?
[1]
eval('HTlog($[i])')eval('VTlog($[i])')
eval('FFlog($[i])')
eval('SPACElog($[i])')
eval(';log($[i])')
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Characters to break out from eval string
"
eval('" [1]');log($[i]);
How do you use it?
[1]
eval('""');log($[i]);![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Valid characters between function and dot-parenthesis .()
?
prompt [1].();log($[i])
How do you use it?
[1]
prompt?.();log($[i])![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Valid characters between function and parenthesis
HT LF VT FF CR SPACE \xa0 \u1680 \u2000 \u2001 \u2002 \u2003 \u2004 \u2005 \u2006 \u2007 \u2008 \u2009 \u200a \u2028 \u2029 \u202f \u205f \u3000 \ufeff
alert [1]();log($[i])
How do you use it?
[1]
alertHT();log($[i])alertLF();log($[i])
alertVT();log($[i])
alertFF();log($[i])
alertCR();log($[i])
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Characters allowed between < and element
<h1>sample</h1>
How do you use it?
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Attribute separators
<imgonerror=alert() src=x />
How do you use it?
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Characters allowed before optional chaining
HT LF VT FF CR SPACE \xa0 \u1680 \u2000 \u2001 \u2002 \u2003 \u2004 \u2005 \u2006 \u2007 \u2008 \u2009 \u200a \u2028 \u2029 \u202f \u205f \u3000 \ufeff
HT LF VT FF CR SPACE \xa0 \u1680 \u2000 \u2001 \u2002 \u2003 \u2004 \u2005 \u2006 \u2007 \u2008 \u2009 \u200a \u2028 \u2029 \u202f \u205f \u3000 \ufeff
log [1]?. [2]($[i])
How do you use it?
[1]
logHT?. ($[i])logLF?. ($[i])
logVT?. ($[i])
logFF?. ($[i])
logCR?. ($[i])
[2]
log ?.HT($[i])log ?.LF($[i])
log ?.VT($[i])
log ?.FF($[i])
log ?.CR($[i])
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Characters allowed before the tag attribute and equals.
HT LF FF CR SPACE
<div style [1]="color:red;">test</div>
How do you use it?
[1]
<div styleHT="color:red;">test</div><div styleLF="color:red;">test</div>
<div styleFF="color:red;">test</div>
<div styleCR="color:red;">test</div>
<div styleSPACE="color:red;">test</div>
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Characters allowed after the void operator
HT LF VT FF CR SPACE ! + - ~ \xa0 \u1680 \u2000 \u2001 \u2002 \u2003 \u2004 \u2005 \u2006 \u2007 \u2008 \u2009 \u200a \u2028 \u2029 \u202f \u205f \u3000 \ufeff
void [1]log($[i])
How do you use it?
[1]
voidHTlog($[i])voidLFlog($[i])
voidVTlog($[i])
voidFFlog($[i])
voidCRlog($[i])
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Characters that can be used as valid labels in JavaScript
$ _ \xaa \xb5 \xba \u02ec \u02ee \u037f \u0386 \u038c \u0559 \u06d5 \u06ff \u0710 \u07b1 \u07fa \u081a \u0824 \u0828 \u093d \u0950 \u09b2 \u09bd \u09ce \u09fc \u0a5e \u0abd \u0ad0 \u0af9 \u0b3d \u0b71 \u0b83 \u0b9c \u0bd0 \u0c3d \u0c5d \u0c80 \u0cbd \u0d3d \u0d4e \u0dbd \u0e84 \u0ea5 \u0ebd \u0ec6 \u0f00 \u103f \u1061 \u108e \u10c7 \u10cd \u1258 \u12c0 \u17d7 \u17dc \u18aa \u1aa7 \u1cfa \u1f59 \u1f5b \u1f5d \u1fbe \u2071 \u207f \u2102 \u2107 \u2115 \u2124 \u2126 \u2128 \u214e \u2d27 \u2d2d \u2d6f \ua7d3 \ua8fb \ua9cf \uaa7a \uaab1 \uaac0 \uaac2 \ufb1d \ufb3e \u{010808} \u{01083c} \u{010a00} \u{010f27} \u{011075} \u{011144} \u{011147} \u{011176} \u{0111da} \u{0111dc} \u{011288} \u{01133d} \u{011350} \u{0114c7} \u{011644} \u{0116b8} \u{011909} \u{01193f} \u{011941} \u{0119e1} \u{0119e3} \u{011a00} \u{011a3a} \u{011a50} \u{011a9d} \u{011c40} \u{011d46} \u{011d98} \u{011f02} \u{011fb0} \u{016f50} \u{016fe3} \u{01b132} \u{01b155} \u{01d4a2} \u{01d4bb} \u{01d546} \u{01e14e} \u{01e94b} \u{01ee24} \u{01ee27} \u{01ee39} \u{01ee3b} \u{01ee42} \u{01ee47} \u{01ee49} \u{01ee4b} \u{01ee54} \u{01ee57} \u{01ee59} \u{01ee5b} \u{01ee5d} \u{01ee5f} \u{01ee64} \u{01ee7e}
[1]:log($[i])
How do you use it?
[1]
$:log($[i])_:log($[i])
\xaa:log($[i])
\xb5:log($[i])
\xba:log($[i])
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Characters that are valid JS variables
$ _ \xaa \xb5 \xba \u02ec \u02ee \u037f \u0386 \u038c \u0559 \u06d5 \u06ff \u0710 \u07b1 \u07fa \u081a \u0824 \u0828 \u093d \u0950 \u09b2 \u09bd \u09ce \u09fc \u0a5e \u0abd \u0ad0 \u0af9 \u0b3d \u0b71 \u0b83 \u0b9c \u0bd0 \u0c3d \u0c5d \u0c80 \u0cbd \u0d3d \u0d4e \u0dbd \u0e84 \u0ea5 \u0ebd \u0ec6 \u0f00 \u103f \u1061 \u108e \u10c7 \u10cd \u1258 \u12c0 \u17d7 \u17dc \u18aa \u1aa7 \u1cfa \u1f59 \u1f5b \u1f5d \u1fbe \u2071 \u207f \u2102 \u2107 \u2115 \u2124 \u2126 \u2128 \u214e \u2d27 \u2d2d \u2d6f \ua7d3 \ua8fb \ua9cf \uaa7a \uaab1 \uaac0 \uaac2 \ufb1d \ufb3e \u{010808} \u{01083c} \u{010a00} \u{010f27} \u{011075} \u{011144} \u{011147} \u{011176} \u{0111da} \u{0111dc} \u{011288} \u{01133d} \u{011350} \u{0114c7} \u{011644} \u{0116b8} \u{011909} \u{01193f} \u{011941} \u{0119e1} \u{0119e3} \u{011a00} \u{011a3a} \u{011a50} \u{011a9d} \u{011c40} \u{011d46} \u{011d98} \u{011f02} \u{011fb0} \u{016f50} \u{016fe3} \u{01b132} \u{01b155} \u{01d4a2} \u{01d4bb} \u{01d546} \u{01e14e} \u{01e94b} \u{01ee24} \u{01ee27} \u{01ee39} \u{01ee3b} \u{01ee42} \u{01ee47} \u{01ee49} \u{01ee4b} \u{01ee54} \u{01ee57} \u{01ee59} \u{01ee5b} \u{01ee5d} \u{01ee5f} \u{01ee64} \u{01ee7e}
var [1]=log($[i])
How do you use it?
[1]
var $=log($[i])var _=log($[i])
var \xaa=log($[i])
var \xb5=log($[i])
var \xba=log($[i])
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Characters allowed instead of equal sign
=
<img src onerror [1]log($[i])>
How do you use it?
[1]
<img src onerror=log($[i])>![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Characters allowed between hostname and / but don't change the hostname
if (new URL("https://example.com/").hostname === 'example.com'){log($[i])}
How do you use it?
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Characters allowed before onerror events
HT LF FF CR SPACE /
<img src [1]onerror=log($[i])>
How do you use it?
[1]
<img src HTonerror=log($[i])><img src LFonerror=log($[i])>
<img src FFonerror=log($[i])>
<img src CRonerror=log($[i])>
<img src SPACEonerror=log($[i])>
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Characters between < and element name
<
HT LF FF CR SPACE / >
< [1]found [2]>
How do you use it?
[1]
<<found >[2]
<foundHT><foundLF>
<foundFF>
<foundCR>
<foundSPACE>
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Characters allowed between an object and bracket notation
HT LF VT FF CR SPACE % & * + , - / : ; < = > ^ | \xa0 \u1680 \u2000 \u2001 \u2002 \u2003 \u2004 \u2005 \u2006 \u2007 \u2008 \u2009 \u200a \u2028 \u2029 \u202f \u205f \u3000 \ufeff
document [1]['location'];log($[i])
How do you use it?
[1]
documentHT['location'];log($[i])documentLF['location'];log($[i])
documentVT['location'];log($[i])
documentFF['location'];log($[i])
documentCR['location'];log($[i])
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Characters allowed between an object and the dot operator
HT LF VT FF CR SPACE ? \xa0 \u1680 \u2000 \u2001 \u2002 \u2003 \u2004 \u2005 \u2006 \u2007 \u2008 \u2009 \u200a \u2028 \u2029 \u202f \u205f \u3000 \ufeff
window [1].alert();log($[i])
How do you use it?
[1]
windowHT.alert();log($[i])windowLF.alert();log($[i])
windowVT.alert();log($[i])
windowFF.alert();log($[i])
windowCR.alert();log($[i])
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
HTML comment before greater than
! - >
<!---- [1]><found>
How do you use it?
[1]
<!----!><found><!-----><found>
<!---->><found>
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Characters that can be inserted in the middle of the JS protocol name
HT LF CR
<a id="0" href="j [1]avascript:window">craft-me</a>
How do you use it?
[1]
<a id="0" href="jHTavascript:window">craft-me</a><a id="0" href="jLFavascript:window">craft-me</a>
<a id="0" href="jCRavascript:window">craft-me</a>
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Characters allowed in-between operators
HT LF VT FF CR SPACE \xa0 \u1680 \u2000 \u2001 \u2002 \u2003 \u2004 \u2005 \u2006 \u2007 \u2008 \u2009 \u200a \u2028 \u2029 \u202f \u205f \u3000 \ufeff
"1337" [1]inlog($[i])
How do you use it?
[1]
"1337"HTinlog($[i])"1337"LFinlog($[i])
"1337"VTinlog($[i])
"1337"FFinlog($[i])
"1337"CRinlog($[i])
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Characters allowed in-between hyphens
-
<!- [1]- ><xmp>--><img src/onerror=log($[i])>-->
How do you use it?
[1]
<!--- ><xmp>--><img src/onerror=log($[i])>-->![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Characters allowed as a class separator
HT LF FF CR SPACE
<div class=" [1]x"></div>
How do you use it?
[1]
<div class="HTx"></div><div class="LFx"></div>
<div class="FFx"></div>
<div class="CRx"></div>
<div class="SPACEx"></div>
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Characters that act like new line or single line comment
LF CR & * / ; < = > ? | \u2028 \u2029
log($[i]) [1]sdfasdfasfasfd
How do you use it?
[1]
log($[i])LFsdfasdfasfasfdlog($[i])CRsdfasdfasfasfd
log($[i])&sdfasdfasfasfd
log($[i])*sdfasdfasfasfd
log($[i])/sdfasdfasfasfd
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Characters that act as quotes or whitespace
HT LF FF CR SPACE " ' ;
<div style= [1]color:red></div>
How do you use it?
[1]
<div style=HTcolor:red></div><div style=LFcolor:red></div>
<div style=FFcolor:red></div>
<div style=CRcolor:red></div>
<div style=SPACEcolor:red></div>
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Characters allowed between HTML attributes
HT LF FF CR SPACE /
<img [1]srconerror=log($[i])>
How do you use it?
[1]
<imgHTsrconerror=log($[i])><imgLFsrconerror=log($[i])>
<imgFFsrconerror=log($[i])>
<imgCRsrconerror=log($[i])>
<imgSPACEsrconerror=log($[i])>
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Valid characters before domain 1
HT LF CR / @ \ \xad \u034f \u180b \u180c \u180d \u180f \u200b \u2060 \u2064 \ufe00 \ufe01 \ufe02 \ufe03 \ufe04 \ufe05 \ufe06 \ufe07 \ufe08 \ufe09 \ufe0a \ufe0b \ufe0c \ufe0d \ufe0e \ufe0f \ufeff
<a href="https:// [1]example.com/" id="test$[i]"></a>
How do you use it?
[1]
<a href="https://HTexample.com/" id="test$[i]"></a><a href="https://LFexample.com/" id="test$[i]"></a>
<a href="https://CRexample.com/" id="test$[i]"></a>
<a href="https:///example.com/" id="test$[i]"></a>
<a href="https://@example.com/" id="test$[i]"></a>
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Characters that can break out of a single line comment
LF CR \u2028 \u2029
// [1]log($[i])
How do you use it?
[1]
// LFlog($[i])// CRlog($[i])
// \u2028log($[i])
// \u2029log($[i])
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Characters allowed between variable name and equals sign
HT LF VT FF CR SPACE \xa0 \u1680 \u2000 \u2001 \u2002 \u2003 \u2004 \u2005 \u2006 \u2007 \u2008 \u2009 \u200a \u2028 \u2029 \u202f \u205f \u3000 \ufeff
const x [1]="x"
if(x==="x"){log($[i])}
How do you use it?
[1]
const xHT="x"
if(x==="x"){log($[i])}const xLF="x" if(x==="x"){log($[i])}
const xVT="x" if(x==="x"){log($[i])}
const xFF="x" if(x==="x"){log($[i])}
const xCR="x" if(x==="x"){log($[i])}
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Characters allowed between slashes
HT / \
anchor.href='/ [1]/example.com';
if(anchor.host === 'example.com')log($[i])
How do you use it?
[1]
anchor.href='/HT/example.com';
if(anchor.host === 'example.com')log($[i])anchor.href='///example.com'; if(anchor.host === 'example.com')log($[i])
anchor.href='/\/example.com'; if(anchor.host === 'example.com')log($[i])
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Break out of CSS strings
LF FF CR '
<div style="font-family:'x [1];color:red;';">test</div>
How do you use it?
[1]
<div style="font-family:'xLF;color:red;';">test</div><div style="font-family:'xFF;color:red;';">test</div>
<div style="font-family:'xCR;color:red;';">test</div>
<div style="font-family:'x';color:red;';">test</div>
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
characters after slash that make a http protocol
/ \
<a href="/ [1]test.com/" id="test$[i]"></a>
How do you use it?
[1]
<a href="//test.com/" id="test$[i]"></a><a href="/\test.com/" id="test$[i]"></a>
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Characters after strings
LF CR % & * + , - / ; < > ^ | \u2028 \u2029
"" [1]log($[i])
How do you use it?
[1]
""LFlog($[i])""CRlog($[i])
""%log($[i])
""&log($[i])
""*log($[i])
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Characters allowed between in operator
HT LF VT FF CR SPACE \xa0 \u1680 \u2000 \u2001 \u2002 \u2003 \u2004 \u2005 \u2006 \u2007 \u2008 \u2009 \u200a \u2028 \u2029 \u202f \u205f \u3000 \ufeff
1337 [1]inlog($[i])
How do you use it?
[1]
1337HTinlog($[i])1337LFinlog($[i])
1337VTinlog($[i])
1337FFinlog($[i])
1337CRinlog($[i])
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Characters that separate CSS properties
;
<div style="font-family:'blah' [1]color:red"></div>
How do you use it?
[1]
<div style="font-family:'blah';color:red"></div>![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Character that closes HTML tag
>
<img src=x [1]<found>
How do you use it?
[1]
<img src=x><found>![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
JavaScript separators between function names
LF CR % & * + , - / ; < > ^ | \u2028 \u2029
console.log() [1]log($[i])
How do you use it?
[1]
console.log()LFlog($[i])console.log()CRlog($[i])
console.log()%log($[i])
console.log()&log($[i])
console.log()*log($[i])
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Character allowed after onerror event
HT LF FF CR SPACE
<img src=x onerror [1]=log($[i])>
How do you use it?
[1]
<img src=x onerrorHT=log($[i])><img src=x onerrorLF=log($[i])>
<img src=x onerrorFF=log($[i])>
<img src=x onerrorCR=log($[i])>
<img src=x onerrorSPACE=log($[i])>
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Characters allowed before parentheses
HT LF VT FF CR SPACE
HT LF VT FF CR SPACE ; \xa0 \u1680 \u2000 \u2001 \u2002 \u2003 \u2004 \u2005 \u2006 \u2007 \u2008 \u2009 \u200a \u2028 \u2029 \u202f \u205f \u3000 \ufeff
log [1]($[i]) [2]
How do you use it?
[1]
logHT($[i]) logLF($[i])
logVT($[i])
logFF($[i])
logCR($[i])
[2]
log ($[i])HTlog ($[i])LF
log ($[i])VT
log ($[i])FF
log ($[i])CR
![Vector background](/_next/image?url=%2Fvectors%2Fvector-bg1.png&w=3840&q=100)
Characters allowed after * in CSS comments
/
<div style="/** [1]color:red;">test</div>
How do you use it?
[1]
<div style="/**/color:red;">test</div>