### XSS via Form Action JavaScript Protocol (Alternative) Source: https://github.com/wavemaker/wavemaker-app-runtime-services/blob/master/wavemaker-app-runtime-core/src/test/resources/com/wavemaker/runtime/xss/xss-attack-vector-input.txt Similar to a previous form action example, this payload uses a `javascript:` URI in the `action` attribute, but with different HTML entity encoding for the colon and question mark. ```html