iframe伪协议

//脚本标签

<iframe src="javascript:'<script>alert(0)</script><script src=http://ptlogin2.qq.com/getlongnick></script>'"></iframe>

//js代码
var ifr= document.createElement('iframe');
ifr.src="javascript:(function(){var d=document;d.open();d.write('---something');d.close()})()";