Just tried to hack one of my own sites and happy to confirm that it is protected from basic XXS attack using WAF. ?

2 mins of reading and I believe I can bypass the WAF ?

Fix: User input should be output encoded in correct context where it is copied into response application.