Generate an XSS payload using common WAF-bypass and encoding techniques, from basic tag injection to advanced obfuscation. Pick a level, a context, and what the payload should do.
Picking a specific injection type or obfuscation below switches this to Custom automatically.
The generator picks the quote style and encoding that avoids these characters where possible.
The classic proof-of-concept — a visible popup confirms JavaScript executed in the page's context.