=&{()} No Filter Evasion. XSS Cheat Sheet. Many applications use JSON Web Tokens (JWT) to allow the client to indicate its identity for further exchange after authentication. From JWT.IO:. DOMPurify is a fast, tolerant XSS … It’s the