1. CSS
2. window.location.hash
3. localStorage
4. Flash security sandbox
5. geturl
6. XSF: cross-site flashing
7. XSS attacks using Flash
8. CSRF using Flash
9. CRLF injection
10. IE: UTF-7 BOM XSS
11. Adobe Acrobat: PDF XSS
12. RSS: XSS
13. Special cases
    1. Tab key
    2. CSS
    3. String.fromCharCode
14. Defending against DOM XSS