Just tried to hack one of my own sites and happy to confirm that it is protected from basic XXS attack using WAF. 🥳

2 mins of reading and I believe I can bypass the WAF 🥲

Fix: User input should be output encoded in correct context where it is copied into response application.