Recently, i came in contact with a tool that was vulnerable to an XSS via Wi-Fi SSIDs. SSIDs are limited to 32 bytes, which is very short for a proper XSS vector. The classical <img src=# onerror=alert()> is already 27 chars long, so there is not much space for any message or payload. The shortest domain I owned was 11 characters long, so <script src=//XXXXXXX.XXX></script> would have been too long for the vector. Therefore, I needed a domain and decided to buy x33.li. Now it hosts a script which triggers an alert window and a short message. Feel free to use this domain for your own projects.

Happy hacking.