1.http://www.backlion.org/?p=6218 ( WAF的XSS绕过姿势 )
2.https://www.leavesongs.com/PENETRATION/xss-collect.html (那些年我们没能bypass的xss filter[from wooyun])
3.文件上传XSS: http://www.55118885.com/w/529184.html
4.https://xianzhi.aliyun.com/forum/read/536.html (XSS Bypass Cookbook)
5.理解xss解析 http://bobao.360.cn/learning/detail/292.html
6.http://www.freebuf.com/articles/web/24496.html xss如何加载远程js的一些tips
7.Bypass xss过滤的测试方法 | WooYun知识库
8.XSS与字符编码的那些事儿 ---科普文 | WooYun知识库