This bypass technique involves hiding Cross-Site Scripting (XSS) payloads inside SVG or MathML elements in an HTML document. Custom XSS sanitizers and Web Application Firewalls (WAFs) often fail to detect these payloads because they are embedded in less commonly inspected parts of the markup. SVG and MathML elements can include scriptable attributes and content, which attackers can exploit to execute malicious scripts. Using this method, attackers can evade filters that do not thoroughly sanitize these elements. This tip is useful for bug bounty hunters and security testers to understand a practical way attackers bypass filters in real-world applications. It highlights the importance for developers and security teams to extend sanitization and filtering to cover SVG and MathML content to prevent XSS vulnerabilities.