????6??XSS???
?????й??з????????????????????δ??????XSS????????????????????javascript???????????????????????XSS?????????????????????????????????????"&"??"".????????"&"????????SQL???????????????????????16???????????????????У?XSS???????????????????????????????????IE??????????????UNICODE????HTML?????????&#ASCII?????д??????XSS??????10?????16?????SQL?????????16????????????????????????XSS???????????????????????????????<img src="javascript:alert('XSS');">?????
????<img src="&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#97
????&#108&#101&#114&#116&#40&#39&#88&#83&#83&#39&#41&#59"> //10???????
????<img src="&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70
????&#x74&#x3a&#x61&#x6c&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29&#x3b"> //16???????
???????&#???????????????0???“&#0106” ??“&#00106” ??“&#000106”????“&#0000106”???????
?????????""?????????????????XSS 0DAY?????????????CSS??Cascading Style Sheets???????????к????????????????????????????????javascript??eval ?????????????????????????????????
????eval(codeString)??????? codestring ???????????Ч JScript ????????????????????????? JScript ?????????з???????С?
?????????JavaScript?е?""???????????????????????""????16????????????д???

 

<!--
  Sample for the eval() technique discussed above: the payload is written as
  JavaScript hex escapes so that a keyword filter scanning the markup never
  sees the words it is looking for. The hex pairs in the string below
  (6a 61 76 61 73 63 72 69 70 74 3a ...) decode to: javascript:alert("XSS").
  NOTE(review): the "\" in front of each "x" appears to have been lost when
  this page was extracted. As printed, the argument is a plain identifier
  rather than an escaped string, so eval() would raise a ReferenceError
  instead of showing the alert. Confirm against the original article.
  Defensive takeaway: the decoding happens inside the script engine, after any
  filter that matched on literal text has already run. Keyword blacklists are
  therefore not a reliable control; use context-aware output encoding and a
  Content-Security-Policy that does not allow 'unsafe-eval' or inline script.
-->
<SCRIPT LANGUAGE="JavaScript">
eval("x6ax61x76x61x73x63x72x69x70x74x3ax61x6cx65x72x74x28x22x58x53x53x22x29")
</SCRIPT>