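/**
 * Heuristic deny-list check for markup/script-like content in a string.
 *
 * Returns true when `input` contains any of the characters
 * ; ' " > < ( ) , \ or any of the listed keywords, matched
 * case-insensitively and as plain substrings (no word boundaries).
 *
 * Limitations a caller should be aware of:
 *  - Substring matching flags benign text: "description" contains "script",
 *    and any ordinary sentence with a comma or apostrophe is reported.
 *  - A deny-list only covers what it names; input that is encoded differently
 *    or uses constructs not listed here is not reported.
 *  - Treat the result as a logging/triage signal. It does not replace
 *    context-aware output encoding (e.g. `textContent` instead of `innerHTML`)
 *    or a Content-Security-Policy.
 *
 * @param {string} input - Value to inspect. Non-string values are coerced to
 *   a string by RegExp.prototype.test.
 * @returns {boolean} true if any deny-listed character or keyword is present.
 */
function isXSSAttack(input) {
  // No /g or /y flag, so the regex carries no lastIndex state between calls.
  const xssPattern = /[;'"><(),\\]|script|svg|alert|confirm|prompt|onload|onmouseover|onfocus|onerror|img/i;
  return xssPattern.test(input);
}

// Example usage
const userInput = "onload='alert(1)'";
const isXSS = isXSSAttack(userInput);
console.log(isXSS); // Output: true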