A good way to bypass alibaba WAF for XSS?