XSS WAF Bypass Methodology

#xss #bypass #payloads

Tips & Best Practices

Test payloads against specific WAF versions

Combine multiple encoding techniques

Use different event handlers to bypass filters

Try mixing HTML and JavaScript encoding

Leverage legitimate HTML attributes

Test with and without quotes, both single and double

Use different case combinations

Try adding multiple attributes

Document successful bypasses for each WAF

Always verify payload execution in the target context
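
Seen from the filter's side, the tips above on stacked encodings, case mixing and alternate event handlers all rely on a rule that matches the raw input once. The following added example (not part of the original page; both rules, the round limit and the sample strings are constructed assumptions) decodes input to a fixed point before matching and fails closed when the input never settles:

```python
import html
import re
from urllib.parse import unquote

# Hypothetical rules standing in for a WAF signature (assumptions, not from the page).
NAIVE_RULE = re.compile(r"<script|onerror=")  # raw input, case-sensitive
HARDENED_RULE = re.compile(r"<\s*script\b|\bon[a-z]+\s*=", re.IGNORECASE)
MAX_ROUNDS = 5  # decode passes allowed before the input is treated as hostile

def canonicalize(value):
    """Strip URL and HTML-entity layers until the value stops changing.

    Returns (text, converged); converged is False when the input was still
    changing after MAX_ROUNDS passes.
    """
    for _ in range(MAX_ROUNDS):
        decoded = html.unescape(unquote(value))
        if decoded == value:
            return value, True
        value = decoded
    return value, False

def naive_inspect(value):
    """Match the raw input once, as a simple pattern filter would."""
    return bool(NAIVE_RULE.search(value))

def inspect(value):
    """Match the canonical form; fail closed on input that never settles."""
    text, converged = canonicalize(value)
    return (not converged) or bool(HARDENED_RULE.search(text))

# Constructed samples, one per tip: case mixing, stacked encoding,
# an alternate event handler with spacing, excessive nesting, benign text.
SAMPLES = {
    "mixed_case": "<ScRiPt>alert(1)</ScRiPt>",
    "double_url": "%253Cscript%253Ealert(1)",
    "entity_handler": "&#x3c;img src=x OnLoAd = alert(1)&#x3e;",
    "deep_nesting": "%" + "25" * 6 + "3Cscript%3E",
    "benign": "price=10%25 off",
}

def report():
    """Return {sample_name: (naive_verdict, hardened_verdict)}."""
    return {name: (naive_inspect(v), inspect(v)) for name, v in SAMPLES.items()}

if __name__ == "__main__":
    for name, (naive, hardened) in report().items():
        print(f"{name:15} naive={naive!s:5} hardened={hardened}")
```

Pattern matching of this kind is a second line of defence; context-aware output encoding in the application is what removes the injection point.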