There is no shortage of defenses against cross-site scripting (XSS) since it is so prevalent on the web today. Filters are one of the most common implementations used to prevent this type of attack, usually configured as a blacklist of known bad expressions or based on regex evaluation. But there is hope with a wide variety of techniques that can be used to defeat these filters.
We can start off with some relatively simple filter bypasses. Depending on the complexity of the filter involved, these can yield results with minimal effort.
Most of the techniques we will… more