A website fully filter the alert function from his website, and replace it with an empty string, but I want to bypass it and still popup an alert, I am trying to solve an XSS challenge, and I figure out that the site identify the double "l" char, and fully removes the string.
the output is
<script>allert(1)</script>, and when I remove the second "l", the output is
<script></script>, Only the "l" is still showing the
alert function, any other double char is fully removes the string How can I bypass it ?