Other POC:
POC BIS (extremly minimal)
POC (very minimal)
MINIMAL (minimal)
DEBUG (full-featured)
Pros
- The whole entry point is 95 bytes
- It uses getElementById() so more browsers understand it
- Uses the onerror event of an image, it's executed automatically (good feature!)
- The entry point is almost invisible in case of JS off (if you can, put some style="" to hide it completly)
Cons
- It uses ' or " (in some conditions both)
- The blob CAN NOT have new lines and spaces in it
Proof of concept
%61%6C%65%72%74%28%27%55%68%2C%20%69%74%20%77%6F%72%6B%65%64%20%3A%20%29%27%29%3B%0A%0A%2F%2A%4E%6F%74%65%3A%0A%57%65%20%63%61%6E%20%70%75%74%20%61%6E%79%20%73%74%75%66%66%20%68%65%72%65%2C%20%77%69%74%68%20%6E%6F%20%6C%69%6D%69%74%20%69%6E%20%6C%65%6E%67%74%68%20%6F%72%20%63%68%61%72%73%2E%20%2A%2F