Classic javascript injection " <script>alert(1)</script> " is blocked by WAFa or does not work in a specific framework? Looking for an attack vector under Vue.js or Angular? This list is for you.
Portswigger publishes the results of the work of more than a dozen researchers in the form of the so-called "Cross-site scripting (XSS) cheat sheet". The list is so interesting that it is constantly updated and developed. In addition, you can select an attack vector by the event, tag, browser version, and specific technology that you are calling.
List to find here – XSS cheat sheet
