# A very small hacking tip If you're testing for XSS manually don't try esoteric payloads in the first place, they can be hard to spot or require additional steps like viewing the source-code. Use the `<xmp>` HTML-tag which "renders text between the start and end tags without interpreting the HTML" [0]. This will create immediately visual output. From there you can go on with e.g. a XSS polyglot.  --- [0] https://developer.mozilla.org/en-US/docs/Web/HTML/Element/xmp