I am performing a security assessment on a website and have discovered a potential XSS vulnerability. I am able to exploit it if I use Burp Suite by supplying my script in place of a parameter in the query string. However, I if I try injecting the code into a URL and clicking on it, the server strips out my JavaScript. I have attempted to use numerous differnet types of encoding with no success. Is there anyway to bypass server side validation? The specific JavaScript unpacker being used is jsunpack. Thanks for any advice in advance.
